[Webkit-unassigned] [Bug 39389] REGRESSION(57081): Renderer crash in WebCore::HTMLElement::isContentEditable() const
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu May 20 15:50:42 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=39389
James Robinson <jamesr at chromium.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|REGRESSION: Renderer crash |REGRESSION(57081): Renderer
|in |crash in
|WebCore::HTMLElement::isCon |WebCore::HTMLElement::isCon
|tentEditable() const |tentEditable() const
--- Comment #14 from James Robinson <jamesr at chromium.org> 2010-05-20 15:50:41 PST ---
Surprise surprise, this particular test case was broken by http://trac.webkit.org/changeset/57081 since that patch eliminated a style recalc that would have papered over this issue. However I think the editing code was broken before r57081 anyway since it poked into the render tree without making any effort to see if styles were up to date. It is likely that there is a way to get this code to crash before r57081 (although it might be tricky).
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list