Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(178)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 64103002: Make "InsertHTML" and "Indent" commands to handle DOM tree modification during processing (Closed)

Created:
7 years, 1 month ago by yosin_UTC9
Modified:
7 years, 1 month ago
Reviewers:
tkent
CC:
blink-reviews, editing-bugs_chromium.org
Visibility:
Public.

Description

Make "InsertHTML" and "Indent" commands to handle DOM tree modification during processing This patch makes "InsertHTML" and "Indent" commands to handle DOM tree modification during processing. When calling Node::insertBefore(), JavaScript may be executed, e.g. <iframe src="javascript:...">, and it modifies DOM tree. On issue 314469, use-after-free is caused at |startBlock| variable which holds raw Node pointer removed during script execution in ReplaceSelectionCommand::doApply(). Changes for CompositeEditCommand::cloneParagraphUnderNewElement() is similar to ReplaceSelectionCommand::doApply(). |outerNode| is removed during CompositeEditCommand::appendNode(), which inserts <iframe src="javascript:...">. BUG=314469 TEST=LayoutTests/editing/inserting/insert-with-javascript-protocol-crash.html Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=161598

Patch Set 1 : 2013-11-08T13:02:58 #

Unified diffs Side-by-side diffs Delta from patch set Stats (+53 lines, -6 lines) Patch
A LayoutTests/editing/inserting/insert-with-javascript-protocol-crash.html View 1 chunk +37 lines, -0 lines 0 comments Download
A + LayoutTests/editing/inserting/insert-with-javascript-protocol-crash-expected.txt View 0 chunks +-1 lines, --1 lines 0 comments Download
M Source/core/editing/CompositeEditCommand.cpp View 1 chunk +5 lines, -0 lines 0 comments Download
M Source/core/editing/ReplaceSelectionCommand.cpp View 2 chunks +12 lines, -7 lines 0 comments Download

Messages

Total messages: 9 (0 generated)
yosin_UTC9
Could you review this patch? Thanks in advance. -yosi P.S. Mac bot failure doesn't relate ...
7 years, 1 month ago (2013-11-08 05:10:42 UTC) #1
tkent
lgtm
7 years, 1 month ago (2013-11-08 05:16:46 UTC) #2
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/yosin@chromium.org/64103002/40001
7 years, 1 month ago (2013-11-08 05:47:06 UTC) #3
commit-bot: I haz the power
Retried try job too often on linux_blink_rel for step(s) weborigin_unittests http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=linux_blink_rel&number=11687
7 years, 1 month ago (2013-11-08 07:02:16 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/yosin@chromium.org/64103002/40001
7 years, 1 month ago (2013-11-08 08:07:58 UTC) #5
commit-bot: I haz the power
Retried try job too often on linux_blink_rel for step(s) weborigin_unittests http://build.chromium.org/p/tryserver.chromium/buildstatus?builder=linux_blink_rel&number=11747
7 years, 1 month ago (2013-11-08 09:17:32 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/yosin@chromium.org/64103002/40001
7 years, 1 month ago (2013-11-08 09:25:34 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/yosin@chromium.org/64103002/40001
7 years, 1 month ago (2013-11-08 10:03:01 UTC) #8
commit-bot: I haz the power
7 years, 1 month ago (2013-11-08 10:06:20 UTC) #9
Message was sent while issue was closed. 
Change committed as 161598

Powered by Google App Engine
This is Rietveld 408576698