Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(730)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 26203002: Merge 158727 "Protect DOM nodes in IndentOutdentCommand::tryInde..." (Closed)

Created:
7 years, 2 months ago by yosin_UTC9
Modified:
7 years, 2 months ago
Reviewers:
yosin_UTC9
CC:
blink-reviews, dglazkov+blink, eae+blinkwatch
Visibility:
Public.

Description

Merge 158727 "Protect DOM nodes in IndentOutdentCommand::tryInde..." > Protect DOM nodes in IndentOutdentCommand::tryIndentingAsListItem() > > This patch changes IndentOutdentCommand::tryIndentingAsListItem() to use RefPtr<T> instead of raw pointer for Node and Element not to remove during insertNodeBefore() and moveParagraphWIthClones() calls, which can execute user script to remove DOM nodes. > > Note: When I tried to run a test case created by cluster fuzz, content_shell doesn't fail. It is hard to create a test case by hand. > > BUG=294456 > TEST=ClusterFuzz > > Review URL: https://codereview.chromium.org/25691002 TBR=yosin@chromium.org Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=159001

Patch Set 1 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+11 lines, -11 lines) Patch
M Source/core/editing/IndentOutdentCommand.cpp View 1 chunk +11 lines, -11 lines 0 comments Download

Messages

Total messages: 2 (0 generated)
yosin_UTC9
7 years, 2 months ago (2013-10-07 02:08:57 UTC) #1
yosin_UTC9
7 years, 2 months ago (2013-10-07 02:09:23 UTC) #2
Message was sent while issue was closed. 
Committed patchset #1 manually as r159001.

Powered by Google App Engine
This is Rietveld 408576698