[Webkit-unassigned] [Bug 67668] New: Crashes in WebCore::EditCommand::apply(), DeleteSelectionCommand::doApply()
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Sep 6 13:29:08 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=67668
Summary: Crashes in WebCore::EditCommand::apply(),
DeleteSelectionCommand::doApply()
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Major
Priority: P2
Component: HTML Editing
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: inferno at chromium.org
CC: rniwa at webkit.org, cdn at chromium.org
testcase1::
<feSpotLight><sub id="div" contenteditable="true"><script>
var sel = window.getSelection();
sel.setPosition(div, 0);
document.execCommand("InsertHTML", false, "<dl>");
</script>
testcase2::
><meter contenteditable><span id="wrapper">><script>
var sel = window.getSelection();
sel.setPosition(document.getElementById("wrapper"), 1);
document.execCommand("InsertParagraph", false, null);
</script>
testcase3::
<div contenteditable="true" id="div"><hkern><span contenteditable="false"><dl>000A0<script>
var sel = window.getSelection();
sel.setPosition(div, 2000000000);
document.execCommand("Delete");
</script>
These might be contributing to the top crashers in chromium
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list