| Index: third_party/WebKit/Source/core/page/DragController.cpp
|
| diff --git a/third_party/WebKit/Source/core/page/DragController.cpp b/third_party/WebKit/Source/core/page/DragController.cpp
|
| index 3b559f9366ee8eba8cf1cfd56db82e9e2adfc328..819283e3f69b83e1460c4d55018a57ad47d5a4f1 100644
|
| --- a/third_party/WebKit/Source/core/page/DragController.cpp
|
| +++ b/third_party/WebKit/Source/core/page/DragController.cpp
|
| @@ -491,6 +491,13 @@ bool DragController::concludeEditDrag(DragData* dragData)
|
|
|
| VisibleSelection dragCaret(m_page->dragCaretController().caretPosition());
|
| m_page->dragCaretController().clear();
|
| + // |innerFrame| can be removed by event handler called by
|
| + // |dispatchTextInputEventFor()|.
|
| + if (!innerFrame->selection().isAvailable()) {
|
| + // "editing/pasteboard/drop-text-events-sideeffect-crash.html" reaches
|
| + // here.
|
| + return false;
|
| + }
|
| Range* range = createRange(dragCaret.toNormalizedEphemeralRange());
|
| Element* rootEditableElement = innerFrame->selection().rootEditableElement();
|
|
|
|
|
Chromium Code Reviews
Issue 2001083002:
Explicit management of FrameSelection availability (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master