Source/core/editing/FrameSelection.cpp - Issue 25004008: Harden FrameSelection methods against JS running inside recalcStyle

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: Source/core/editing/FrameSelection.cpp

Issue 25004008: Harden FrameSelection methods against JS running inside recalcStyle (Closed) Base URL: svn://svn.chromium.org/blink/trunk

Patch Set: Created 7 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: Source/core/editing/FrameSelection.cpp

diff --git a/Source/core/editing/FrameSelection.cpp b/Source/core/editing/FrameSelection.cpp

index 2612860755ac4f5ff1a9c60394ad1003990fd77e..3741a185fcd07ac49cbf56be9af79e91b2aec2ef 100644

--- a/Source/core/editing/FrameSelection.cpp

+++ b/Source/core/editing/FrameSelection.cpp

@@ -1552,10 +1552,13 @@ void FrameSelection::focusedOrActiveStateChanged()

{

bool activeAndFocused = isFocusedAndActive();

+ RefPtr<Document> document = m_frame->document();

+ document->updateStyleIfNeeded();

// Because RenderObject::selectionBackgroundColor() and

// RenderObject::selectionForegroundColor() check if the frame is active,

// we have to update places those colors were painted.

- if (RenderView* view = m_frame->document()->renderView())

abarth-chromium 2013/09/27 22:55:00 Should we bail out at some point if the document l

+ if (RenderView* view = document->renderView())

view->repaintSelection();

// Caret appears in the active frame.

@@ -1571,7 +1574,7 @@ void FrameSelection::focusedOrActiveStateChanged()

// Because StyleResolver::checkOneSelector() and

// RenderTheme::isFocused() check if the frame is active, we have to

// update style and theme state that depended on those.

- if (Element* element = m_frame->document()->focusedElement()) {

+ if (Element* element = document->focusedElement()) {

element->setNeedsStyleRecalc();

if (RenderObject* renderer = element->renderer()) {

if (renderer && renderer->style()->hasAppearance())

@@ -1580,7 +1583,7 @@ void FrameSelection::focusedOrActiveStateChanged()

}

// Secure keyboard entry is set by the active frame.

- if (m_frame->document()->useSecureKeyboardEntryWhenActive())

+ if (document->useSecureKeyboardEntryWhenActive())

setUseSecureKeyboardEntry(activeAndFocused);

}

@@ -1822,12 +1825,15 @@ bool FrameSelection::shouldDeleteSelection(const VisibleSelection& selection) co

FloatRect FrameSelection::bounds(bool clipToVisibleContent) const

{

- RenderView* root = m_frame->contentRenderer();

+ m_frame->document()->updateStyleIfNeeded();

FrameView* view = m_frame->view();

- if (!root || !view)

- return LayoutRect();

+ RenderView* renderView = m_frame->contentRenderer();

+ if (!view || !renderView);

+ return FloatRect();

- LayoutRect selectionRect = root->selectionBounds(clipToVisibleContent);

+ LayoutRect selectionRect = renderView->selectionBounds(clipToVisibleContent);

return clipToVisibleContent ? intersection(selectionRect, view->visibleContentRect()) : selectionRect;

}

« no previous file with comments | « no previous file | Source/core/rendering/RenderView.cpp » ('j') | Source/core/rendering/RenderView.cpp » ('J')