[webkit-changes] cvs commit: WebKit/WebView.subproj WebHTMLView.m WebHTMLViewPrivate.h

Justin justing at opensource.apple.com
Tue Dec 20 16:23:10 PST 2005 

justing     05/12/20 16:23:09

  Modified:    .        ChangeLog
               WebView.subproj WebHTMLView.m WebHTMLViewPrivate.h
  Log:
   2005-12-16  Justin Garcia  <justin.garcia at apple.com>
  
           <rdar://problem/4103393> Frequent Safari crash on lexisnexus.com (khtml::Selection::xPosForVerticalArrowNavigation)
           <rdar://problem/4330451> CrashTracer: [REGRESSION] 2235 crashes in Safari at com.apple.WebCore: khtml::Selection::xPosForVerticalArrowNavigation const  436
  
           Reviewed by darin
  
           WebCore will crash when a selection that starts or ends in a node
           that has been removed from the document is modify()d.  This can occur:
           (1) in non-editable regions (4103393 and 4330451), (2) in editable
           regions (4383146) as the result of arbitrary DOM operations, and (3) in
           Mail (4099739) as the result of an editing operation that sets a
           bad ending selection.
  
           Crashes of type (1) can occur when the user uses the arrow keys
           to interact with a web app, or when the user tries to use
           command-shift-arrow to switch tabs (this is a depricated
           combo that will work if no one else responds to it). The easiest
           way to fix these crashes is to disallow editing'ish selection changes
           like moveDown:, selectWord:, pageDown:, etc, when the selection
           is in a non-editable region.
  
           Crashes of type (2) will require a more complicated fix (but occur
           much less often than type (1)).  Crashes of type (3) must be
           fixed by tracking down the editing operation that sets bad selections.
  
           Added a layout-test:
           * editing/selection/selection-actions.html
  
           * WebView.subproj/WebHTMLView.m:
           (-[WebHTMLView _canAlterCurrentSelection]):
           (-[WebHTMLView _alterCurrentSelection:direction:granularity:]):
           (-[WebHTMLView _alterCurrentSelection:verticalDistance:]):
           (-[WebHTMLView _expandSelectionToGranularity:]):
           * WebView.subproj/WebHTMLViewPrivate.h:
  
  Revision  Changes    Path
  1.3421    +36 -0     WebKit/ChangeLog
  
  Index: ChangeLog
  ===================================================================
  RCS file: /cvs/root/WebKit/ChangeLog,v
  retrieving revision 1.3420
  retrieving revision 1.3421
  diff -u -r1.3420 -r1.3421
  --- ChangeLog	20 Dec 2005 21:36:37 -0000	1.3420
  +++ ChangeLog	21 Dec 2005 00:22:55 -0000	1.3421
  @@ -1,3 +1,39 @@
  + 2005-12-16  Justin Garcia  <justin.garcia at apple.com>
  + 
  +         <rdar://problem/4103393> Frequent Safari crash on lexisnexus.com (khtml::Selection::xPosForVerticalArrowNavigation)
  +         <rdar://problem/4330451> CrashTracer: [REGRESSION] 2235 crashes in Safari at com.apple.WebCore: khtml::Selection::xPosForVerticalArrowNavigation const  436
  +         
  +         Reviewed by darin
  +         
  +         WebCore will crash when a selection that starts or ends in a node 
  +         that has been removed from the document is modify()d.  This can occur:
  +         (1) in non-editable regions (4103393 and 4330451), (2) in editable 
  +         regions (4383146) as the result of arbitrary DOM operations, and (3) in 
  +         Mail (4099739) as the result of an editing operation that sets a 
  +         bad ending selection.
  +         
  +         Crashes of type (1) can occur when the user uses the arrow keys 
  +         to interact with a web app, or when the user tries to use 
  +         command-shift-arrow to switch tabs (this is a depricated
  +         combo that will work if no one else responds to it). The easiest 
  +         way to fix these crashes is to disallow editing'ish selection changes 
  +         like moveDown:, selectWord:, pageDown:, etc, when the selection 
  +         is in a non-editable region.
  +         
  +         Crashes of type (2) will require a more complicated fix (but occur 
  +         much less often than type (1)).  Crashes of type (3) must be 
  +         fixed by tracking down the editing operation that sets bad selections.
  +         
  +         Added a layout-test:
  +         * editing/selection/selection-actions.html
  + 
  +         * WebView.subproj/WebHTMLView.m:
  +         (-[WebHTMLView _canAlterCurrentSelection]):
  +         (-[WebHTMLView _alterCurrentSelection:direction:granularity:]):
  +         (-[WebHTMLView _alterCurrentSelection:verticalDistance:]):
  +         (-[WebHTMLView _expandSelectionToGranularity:]):
  +         * WebView.subproj/WebHTMLViewPrivate.h:
  +
   2005-12-20  Justin Garcia  <justin.garcia at apple.com>
   
           Reviewed by mitz
  
  
  
  1.493     +14 -0     WebKit/WebView.subproj/WebHTMLView.m
  
  Index: WebHTMLView.m
  ===================================================================
  RCS file: /cvs/root/WebKit/WebView.subproj/WebHTMLView.m,v
  retrieving revision 1.492
  retrieving revision 1.493
  diff -u -r1.492 -r1.493
  --- WebHTMLView.m	16 Dec 2005 16:51:10 -0000	1.492
  +++ WebHTMLView.m	21 Dec 2005 00:23:07 -0000	1.493
  @@ -1520,6 +1520,11 @@
       return [self _hasSelectionOrInsertionPoint] && [self _isEditable];
   }
   
  +- (BOOL)_canAlterCurrentSelection
  +{
  +    return [self _hasSelectionOrInsertionPoint] && [self _isEditable];
  +}
  +
   - (BOOL)_hasSelection
   {
       return [[self _bridge] selectionState] == WebSelectionStateRange;
  @@ -3345,6 +3350,9 @@
   
   - (void)_alterCurrentSelection:(WebSelectionAlteration)alteration direction:(WebBridgeSelectionDirection)direction granularity:(WebBridgeSelectionGranularity)granularity
   {
  +    if (![self _canAlterCurrentSelection])
  +        return;
  +        
       WebBridge *bridge = [self _bridge];
       DOMRange *proposedRange = [bridge rangeByAlteringCurrentSelection:alteration direction:direction granularity:granularity];
       WebView *webView = [self _webView];
  @@ -3355,6 +3363,9 @@
   
   - (void)_alterCurrentSelection:(WebSelectionAlteration)alteration verticalDistance:(float)verticalDistance
   {
  +    if (![self _canAlterCurrentSelection])
  +        return;
  +        
       WebBridge *bridge = [self _bridge];
       DOMRange *proposedRange = [bridge rangeByAlteringCurrentSelection:alteration verticalDistance:verticalDistance];
       WebView *webView = [self _webView];
  @@ -3567,6 +3578,9 @@
   
   - (void)_expandSelectionToGranularity:(WebBridgeSelectionGranularity)granularity
   {
  +    if (![self _canAlterCurrentSelection])
  +        return;
  +        
       WebBridge *bridge = [self _bridge];
       DOMRange *range = [bridge rangeByExpandingSelectionWithGranularity:granularity];
       if (range && ![range collapsed]) {
  
  
  
  1.96      +1 -0      WebKit/WebView.subproj/WebHTMLViewPrivate.h
  
  Index: WebHTMLViewPrivate.h
  ===================================================================
  RCS file: /cvs/root/WebKit/WebView.subproj/WebHTMLViewPrivate.h,v
  retrieving revision 1.95
  retrieving revision 1.96
  diff -u -r1.95 -r1.96
  --- WebHTMLViewPrivate.h	20 Sep 2005 08:33:05 -0000	1.95
  +++ WebHTMLViewPrivate.h	21 Dec 2005 00:23:08 -0000	1.96
  @@ -78,6 +78,7 @@
   - (BOOL)_canDelete;
   - (BOOL)_canPaste;
   - (BOOL)_canEdit;
  +- (BOOL)_canAlterCurrentSelection;
   - (BOOL)_hasSelection;
   - (BOOL)_hasSelectionOrInsertionPoint;
   - (BOOL)_isEditable;

More information about the webkit-changes mailing list