[Webkit-unassigned] [Bug 52268] Setting outerText should convert CR/LF to <br>
bugzilla-daemon at webkit.org
Tue Jan 11 23:10:07 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=52268
--- Comment #4 from Eric Seidel <eric at webkit.org> 2011-01-11 23:10:07 PST ---
(From update of attachment 78645)
View in context: https://bugs.webkit.org/attachment.cgi?id=78645&action=review
> Source/WebCore/html/HTMLElement.cpp:381
> + ec = 0;
I think this is generally the caller's responsibility in WebCore.
> Source/WebCore/html/HTMLElement.cpp:390
> + fragment->appendChild(Text::create(document(), text.substring(lineStart, i - lineStart)), ec);
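Review bot: The appendChild call on this line writes its result to ec, but nothing in the quoted line tests it before the loop moves on to the next segment. Suggest checking ec immediately after the append and leaving the loop on failure, so a failed insertion does not leave a partially built fragment in use.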
If this can run arbitrary javascript, "this" could get deleted, no? Do we need to suspend mutation events during this?
> Source/WebCore/html/HTMLElement.cpp:399
> + lineStart = i + 1;
I find it difficult to read this loop and understand what it's doing. I can't tell if that's a variable naming problem, the way the blocks are split up, or just my own thick-headedness at this hour.
> Source/WebCore/html/HTMLElement.cpp:498
> + textPrev->appendData(textNode->data(), ec);
Does this cause JS to run? If so, our pointers could go invalid.
> Source/WebCore/html/HTMLElement.cpp:511
> + RefPtr<Text> textNext = static_cast<Text*>(next.get());
> + RefPtr<Text> textNode = static_cast<Text*>(node);
> + textNode->appendData(textNext->data(), ec);
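Review bot: Both static_cast<Text*> calls in this hunk downcast without a type check visible in the quoted lines: next.get() and node are treated as Text nodes, and data() and appendData() are then called on them. If the isTextNode() test sits outside the quoted lines, keep it directly adjacent to the casts; otherwise add one, since a non-text sibling reaching this point would be a type confusion.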
Seems we just did this above. Maybe there is code to share here?