[Webkit-unassigned] [Bug 41523] Crash in RenderObject::containingBlock when clearing selection in a display:none node.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jul 2 14:11:45 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=41523
--- Comment #5 from Ojan Vafai <ojan at chromium.org> 2010-07-02 14:11:45 PST ---
(In reply to comment #4)
> (From update of attachment 60400 [details])
> Is updateStyle sufficient? I’d expect that you’d need updateLayout, otherwise you could still have stale renderers of other kinds.
I think it's sufficient. I tried things like removing the node using removeChild or setting innerHTML. In both cases, we are careful to clear the selection before doing those action (e.g. see SelectionController::nodeWillBeRemoved).
> Don't you need the update in the range code path too?
What's the equivalent Range code path to clearing the selection? I tried deleteContents on Range, but that also clears the selection.
> Is it safe to use the stale RenderView pointer? Maybe the update should be done before calling contentRenderer.
I think you're right (it's not safe). I'll move the call up.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list