Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(482)

Issue 25691002: Protect DOM nodes in IndentOutdentCommand::tryIndentingAsListItem() (Closed)

Created:
7 years, 2 months ago by yosin_UTC9
Modified:
7 years, 2 months ago
Reviewers:
tkent, inferno
CC:
blink-reviews
Visibility:
Public.

Description

Protect DOM nodes in IndentOutdentCommand::tryIndentingAsListItem() This patch changes IndentOutdentCommand::tryIndentingAsListItem() to use RefPtr<T> instead of raw pointer for Node and Element not to remove during insertNodeBefore() and moveParagraphWIthClones() calls, which can execute user script to remove DOM nodes. Note: When I tried to run a test case created by cluster fuzz, content_shell doesn't fail. It is hard to create a test case by hand. BUG=294456 TEST=ClusterFuzz Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=158727

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+11 lines, -11 lines) Patch
M Source/core/editing/IndentOutdentCommand.cpp View 1 chunk +11 lines, -11 lines 0 comments Download

Messages

Total messages: 6 (0 generated)
yosin_UTC9
Could you review this patch? Thanks in advance.
7 years, 2 months ago (2013-10-02 08:52:25 UTC) #1
tkent
Please explain the reason of no tests in the CL description.
7 years, 2 months ago (2013-10-02 09:02:32 UTC) #2
yosin_UTC9
PTAL
7 years, 2 months ago (2013-10-02 09:21:54 UTC) #3
tkent
lgtm
7 years, 2 months ago (2013-10-02 09:43:50 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/yosin@chromium.org/25691002/1
7 years, 2 months ago (2013-10-02 14:55:26 UTC) #5
commit-bot: I haz the power
7 years, 2 months ago (2013-10-02 15:30:19 UTC) #6
Message was sent while issue was closed.
Change committed as 158727

Powered by Google App Engine
This is Rietveld 408576698