Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(59)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: LayoutTests/editing/selection/longpress-selection-in-iframe-removed-crash.html

Issue 1315983004: Fix use-after-free bug in long press selection (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: fix minor issue Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | LayoutTests/editing/selection/longpress-selection-in-iframe-removed-crash-expected.txt » ('j') | LayoutTests/editing/selection/longpress-selection-in-iframe-removed-crash-expected.txt » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: LayoutTests/editing/selection/longpress-selection-in-iframe-removed-crash.html
diff --git a/LayoutTests/editing/selection/selection-in-iframe-removed-crash.html b/LayoutTests/editing/selection/longpress-selection-in-iframe-removed-crash.html
similarity index 54%
copy from LayoutTests/editing/selection/selection-in-iframe-removed-crash.html
copy to LayoutTests/editing/selection/longpress-selection-in-iframe-removed-crash.html
index 3d49e31c896ffb21f8e5e9f25ea9e7e3c1cdaf12..b1bebfbee953f8bba3e8ef9e30635171ac1159e3 100644
--- a/LayoutTests/editing/selection/selection-in-iframe-removed-crash.html
+++ b/LayoutTests/editing/selection/longpress-selection-in-iframe-removed-crash.html
@@ -2,8 +2,13 @@
<html>
Test passes if it does not crash.
<script>
-if (window.testRunner)
+if (!window.testRunner || !window.eventSender)
+ document.body.textContent = "The test requires window.testRunner and window.eventSender";
+
+if (window.testRunner) {
+ testRunner.waitUntilDone();
testRunner.dumpAsText();
+}
var docElement = document.documentElement;
function crash() {
@@ -13,14 +18,20 @@ function crash() {
document1 = document.implementation.createDocument("", null);
iframe1.addEventListener("DOMFocusOut", function () { document1.adoptNode(iframe1); }, false);
iframe1.focus();
- setTimeout("finish();", 0);
+ iframe1.addEventListener('load', finish, false);
yosin_UTC9 2015/08/31 02:11:13 nit: We don't need to have |false|.
majidvp 2015/08/31 18:06:25 Done.
majidvp 2015/08/31 18:06:25 Acknowledged.
}
function finish() {
document.designMode = "on";
- range1 = document.createRange();
- range1.selectNodeContents(iframe1.contentDocument);
- window.getSelection().addRange(range1);
+
+ var clientRect = iframe1.getBoundingClientRect();
+ var x = clientRect.left + 10;
+ var y = clientRect.top + 10;
+ if (window.eventSender)
+ eventSender.gestureLongPress(x, y);
+
+ if (window.testRunner)
+ setTimeout(function(){ testRunner.notifyDone(); }, 0);
yosin_UTC9 2015/08/31 02:11:13 nit: insert an space after |()|.
majidvp 2015/08/31 18:06:25 Done.
}
document.addEventListener("DOMContentLoaded", crash, false);
yosin_UTC9 2015/08/31 02:11:13 nit: We don't need to have |false|.
majidvp 2015/08/31 18:06:25 Done.
« no previous file with comments | « no previous file | LayoutTests/editing/selection/longpress-selection-in-iframe-removed-crash-expected.txt » ('j') | LayoutTests/editing/selection/longpress-selection-in-iframe-removed-crash-expected.txt » ('J')

Powered by Google App Engine
This is Rietveld 408576698