WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
60534
Crashes if the document inside iframe is removed during pasting some text into it.
https://bugs.webkit.org/show_bug.cgi?id=60534
Summary
Crashes if the document inside iframe is removed during pasting some text int...
Hajime Morrita
Reported
2011-05-09 22:32:33 PDT
Repro and patch will some shortly.
Attachments
Patch
(4.63 KB, patch)
2011-05-10 01:44 PDT
,
Hajime Morrita
no flags
Details
Formatted Diff
Diff
Patch
(4.76 KB, patch)
2011-05-11 21:29 PDT
,
Hajime Morrita
tkent
: review+
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Hajime Morrita
Comment 1
2011-05-10 01:44:01 PDT
Created
attachment 92929
[details]
Patch
Kent Tamura
Comment 2
2011-05-10 01:56:13 PDT
Comment on
attachment 92929
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=92929&action=review
> LayoutTests/editing/pasteboard/resources/paste-removing-iframe-child.html:12 > + // Calls notifyDone() before because the removal > + // can terminate the scdript execution. > + if (window.parent.layoutTestController) > + window.parent.layoutTestController.notifyDone(); > + var toRemove = window.parent.document.getElementById("child"); > + toRemove.parentNode.removeChild(toRemove);
Does this correctly crash without the Editor.cpp change? I think notifyDone() immediately terminates the test.
Hajime Morrita
Comment 3
2011-05-10 03:33:30 PDT
Hi Kent-san, thank you for taking a look!
> Does this correctly crash without the Editor.cpp change? > I think notifyDone() immediately terminates the test.
It works for Mac DRT which just set flag on notifyDone() to exit the event loop. But I have no idea for other port. So I'd like to search safer way.
Kent Tamura
Comment 4
2011-05-10 03:45:58 PDT
(In reply to
comment #3
) I think we can use a DOM mutation event in the parent document.
Ryosuke Niwa
Comment 5
2011-05-10 08:09:33 PDT
Comment on
attachment 92929
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=92929&action=review
> LayoutTests/editing/pasteboard/resources/paste-removing-iframe-child.html:8 > + // can terminate the scdript execution.
Typo: scdript
> LayoutTests/editing/pasteboard/resources/paste-removing-iframe-child.html:10 > + if (window.parent.layoutTestController) > + window.parent.layoutTestController.notifyDone();
You can't call notifyDone before removing the node.
Ryosuke Niwa
Comment 6
2011-05-10 08:10:53 PDT
(In reply to
comment #4
)
> (In reply to
comment #3
) > I think we can use a DOM mutation event in the parent document.
Can't we just do setTimeout(function() {layoutTestController.notifyDone();}, 0) ?
Ryosuke Niwa
Comment 7
2011-05-11 08:38:41 PDT
Comment on
attachment 92929
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=92929&action=review
r- per various commets.
> LayoutTests/editing/pasteboard/paste-removing-iframe.html:9 > +<h1>PASS unless crash.</h1>
You need to be more descriptive here. Also, you should just print PASS when WebKit didn't crash.
Hajime Morrita
Comment 8
2011-05-11 21:29:29 PDT
Created
attachment 93242
[details]
Patch
Hajime Morrita
Comment 9
2011-05-11 21:33:18 PDT
Kent-san, Ryosuke, thank you for reviewing! I updated the patch, in which I moved test script from child frame to parent frame.
> > LayoutTests/editing/pasteboard/paste-removing-iframe.html:9 > > +<h1>PASS unless crash.</h1> > > You need to be more descriptive here. Also, you should just print PASS when WebKit didn't crash.
Add more explanation as a comment (to make explanation small) and simplify the text.
Kent Tamura
Comment 10
2011-05-11 22:09:28 PDT
Comment on
attachment 93242
[details]
Patch ok
Hajime Morrita
Comment 11
2011-05-11 22:40:37 PDT
Committed
r86311
: <
http://trac.webkit.org/changeset/86311
>
Ademar Reis
Comment 12
2011-05-26 15:44:47 PDT
Revision
r86311
cherry-picked into qtwebkit-2.2 with commit 25483fc <
http://gitorious.org/webkit/qtwebkit/commit/25483fc
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug