[Webkit-unassigned] [Bug 67668] Crashes in WebCore::EditCommand::apply(), DeleteSelectionCommand::doApply()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 9 11:21:06 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=67668

--- Comment #13 from Abhishek Arya <inferno at chromium.org>  2011-09-09 11:21:06 PST ---
Guys, can you handle some more? It is awesome to knock these null ptrs

1)

<dl><div id="div" contenteditable="true"A><script>
div.focus();
document.execCommand("InsertUnorderedList");
</script>

Crash
WebCore::InsertListCommand::unlistifyParagraph(WebCore::VisiblePosition const&, WebCore::HTMLElement*, WebCore::Node*) 
WebCore::InsertListCommand::doApplyForSingleParagraph(bool, WebCore::QualifiedName const&, WebCore::Range*) 
WebCore::InsertListCommand::doApply() 
WebCore::EditCommand::apply() 
WebCore::executeInsertUnorderedList(WebCore::Frame*, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) third_party/WebKit/Source/WebCore/editing/EditorCommand.cpp:0
WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const 

2)

><a id="anchor" href="http://www.google.com/"><feDisplacementMap>A0A0AAAA0AA<base id="paste" contenteditable="true"><br><script>
var sel = window.getSelection();
var range = document.createRange();
range.selectNodeContents(anchor);

sel.addRange(range);
document.execCommand("Copy");

paste.focus();
document.execCommand("Paste");
</script>

WebCore::nextCandidate(WebCore::Position const&) 
WebCore::ReplaceSelectionCommand::positionAtStartOfInsertedContent() 
WebCore::ReplaceSelectionCommand::doApply() 
WebCore::EditCommand::apply() 
WebCore::Editor::replaceSelectionWithFragment(WTF::PassRefPtr<WebCore::DocumentFragment>, bool, bool, bool) 
WebCore::Editor::handleTextEvent(WebCore::TextEvent*)
