[Webkit-unassigned] [Bug 121694] Assertion failure in Range::nodeWillBeRemoved
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jan 17 12:02:38 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=121694
--- Comment #9 from Ryosuke Niwa <rniwa at webkit.org> 2014-01-17 12:00:13 PST ---
(In reply to comment #8)
> (In reply to comment #7)
> > (From update of attachment 221373 [details] [details])
> > View in context: https://bugs.webkit.org/attachment.cgi?id=221373&action=review
> >
> > > Source/WebCore/dom/ContainerNode.cpp:493
> > > disconnectSubframesIfNeeded(toContainerNode(child), RootAndDescendants);
> >
> > On my second thought, we probably shouldn't be calling this function if child.parentNode() != this so the above if statement should probably be an early exit instead.
> >
>
> I don't understand this. The above if is that
>
> Source/WebCore/dom/ContainerNode.cpp:492
> if (child.isContainerNode())
>
> But this is at the end of the method, how could be this an early exit? Can you expose this for me? I'm rookie in DOM, but want to understand. :)
What I'm saying is that that condition is not sufficient. If child had already been removed or inserted elsewhere, we should not be calling disconnectSubframesIfNeeded either.
Which means that we should have
if (child.parentNode() == this)
return;
right before we call nodeWillBeRemoved instead.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list