[Webkit-unassigned] [Bug 94740] Crash in EditingStyle::mergeStyle
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Aug 27 00:51:01 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=94740
--- Comment #2 from Ryosuke Niwa (vacation: 8/26-9/10) <rniwa at webkit.org> 2012-08-27 00:51:02 PST ---
(From update of attachment 160619)
View in context: https://bugs.webkit.org/attachment.cgi?id=160619&action=review
> Source/WebCore/ChangeLog:15
> + 2. The first remove phrase (removeInlineStyle()) thus did not remove <a>.
> + 3. Then, we called fixRangeAndApplyInlineStyle(). In this method, we set
> + pastEndNode to the next sibling of <progress>.
I don't really follow these two steps. Revise?
> Source/WebCore/ChangeLog:16
> + 4. Then, we called removeStyleFromRunBeforeApplyingStyle(). This method tried
"Then" is redundant given you've numbered them 1-4.
> Source/WebCore/editing/ApplyStyleCommand.cpp:801
> - next = node->traverseNextNode();
> + next = editingIgnoresContent(node.get()) ? node->traverseNextSibling() : node->traverseNextNode();
We need to make sure the ignored content doesn't contain pastEndNode.
We should either assert that and/or break the loop when that's not the case.
> Source/WebCore/editing/ApplyStyleCommand.cpp:1051
> + RefPtr<Node> next = editingIgnoresContent(node) ? node->traverseNextSibling() : node->traverseNextNode();
Ditto.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list