https://bugs.webkit.org/show_bug.cgi?id=222718
Patch by Frédéric Wang <fwang@igalia.com> on 2021-04-06
Reviewed by Ryosuke Niwa.
Source/WebCore:
During executions of "undo" and "redo" commands, beforeinput and input events are dispatched
on root editable elements. It is however possible that these elements had been disconnected,
causing nullptr crash. This patch exits the command execution early if that's the case.
Test: editing/undo/undo-with-disconnected-editable-element-crash.html
* editing/CompositeEditCommand.cpp:
(WebCore::EditCommandComposition::areRootEditabledElementsConnected): Add helper function
to check whether m_startingRootEditableElement and m_endingRootEditableElement are still
connected.
(WebCore::EditCommandComposition::unapply): Exit early if root editable elements are no
longer connected. Put this after the layout update.
(WebCore::EditCommandComposition::reapply): Ditto.
* editing/CompositeEditCommand.h: Declare new helper function.
LayoutTests:
Add regression test.
* editing/undo/undo-with-disconnected-editable-element-crash-expected.txt: Added.
* editing/undo/undo-with-disconnected-editable-element-crash.html: Added.
* editing/undo/undo-with-disconnected-editable-element-crash.js: Added.
(runTests.window.parent.onwebkitanimationiteration):
(runTests):
Canonical link: https://commits.webkit.org/236155@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@275498 268f45cc-cd09-0410-ab3c-d52691b4dbfc
