[Webkit-unassigned] [Bug 28710] Copy some forms of text causes Webkit crash in CSSStyleDeclaration::copyPropertiesInSet
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Aug 31 20:02:35 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=28710
--- Comment #8 from Ryosuke Niwa <rniwa at webkit.org> 2009-08-31 20:02:35 PDT ---
I did some investigation with the test case I posted.
http://trac.webkit.org/browser/trunk/WebCore/dom/Position.cpp#L199
On the line 211, anchorNode() is returning the html node, and
n->isElementNode() is returning false so that n->parentNode() is called on
n=html element.
editingStyleAtPosition is called from
http://trac.webkit.org/browser/trunk/WebCore/editing/markup.cpp#L1005
parentOfLastClosed is also html element.
When text-decoration: inherit is removed from the html element, the position
points to div, and everything works fine.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list