Bug 1361052 - DeleteSelectionAndPrepareToCreateNode should be more safety. r?masayuki
Bug 768765 isn't enough for fix. Since Selection::GetAnchorFocusRange can
return nullptr, we should consider this condition.
And I cannot reproduce this using crash test, so I add mochitest for this.
MozReview-Commit-ID: 8Ei5YBIBuWv
--- a/editor/libeditor/EditorBase.cpp
+++ b/editor/libeditor/EditorBase.cpp
@@ -4392,17 +4392,19 @@ EditorBase::ShouldHandleIMEComposition()
return mComposition && mDidPostCreate;
}
nsresult
EditorBase::DeleteSelectionAndPrepareToCreateNode()
{
RefPtr<Selection> selection = GetSelection();
NS_ENSURE_TRUE(selection, NS_ERROR_NULL_POINTER);
- MOZ_ASSERT(selection->GetAnchorFocusRange());
+ if (NS_WARN_IF(!selection->GetAnchorFocusRange())) {
+ return NS_OK;
+ }
if (!selection->GetAnchorFocusRange()->Collapsed()) {
nsresult rv = DeleteSelection(nsIEditor::eNone, nsIEditor::eStrip);
NS_ENSURE_SUCCESS(rv, rv);
MOZ_ASSERT(selection->GetAnchorFocusRange() &&
selection->GetAnchorFocusRange()->Collapsed(),
"Selection not collapsed after delete");
--- a/editor/libeditor/tests/mochitest.ini
+++ b/editor/libeditor/tests/mochitest.ini
@@ -245,16 +245,17 @@ skip-if = toolkit == 'android' # bug 131
[test_bug1318312.html]
[test_bug1328023.html]
[test_bug1330796.html]
[test_bug1332876.html]
[test_bug1352799.html]
[test_bug1355792.html]
[test_bug1358025.html]
[test_bug1361008.html]
+[test_bug1361052.html]
[test_bug1368544.html]
[test_bug1385905.html]
[test_bug1390562.html]
[test_bug1394758.html]
[test_bug1399722.html]
[test_bug1406726.html]
[test_bug1409520.html]
[test_bug1425997.html]
new file mode 100644
--- /dev/null
+++ b/editor/libeditor/tests/test_bug1361052.html
@@ -0,0 +1,50 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>Test for Bug 1361052</title>
+ <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <script type="application/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1361052">Mozilla Bug 1361052</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+</div>
+<pre id="test">
+<script class="testbody" type="application/javascript">
+
+SimpleTest.waitForExplicitFinish();
+
+SimpleTest.waitForFocus(() => {
+ var strike = document.createElement('strike');
+ strike.contentEditable = true;
+ document.documentElement.appendChild(strike);
+
+ var textarea = document.createElement('textarea');
+ document.documentElement.appendChild(textarea);
+
+ var h5 = document.createElement('h5');
+ strike.appendChild(h5);
+
+ textarea.setCustomValidity("A");
+ document.documentElement.dir = "rtl";
+ document.designMode = "on";
+ document.execCommand("styleWithCSS", false, true);
+ document.designMode = "off";
+ textarea.reportValidity();
+ document.documentElement.dir = "ltr";
+
+ var range = document.createRange();
+ range.selectNode(h5);
+ window.getSelection().addRange(range);
+
+ document.execCommand("inserthorizontalrule", false, null);
+ ok(true, "No crash");
+
+ SimpleTest.finish();
+});
+</script>
+</pre>
+</body>
+</html>