-
rniwa@webkit.org authored
Reviewed by Darin Adler. Crash in ApplyStyleCommand::surroundNodeRangeWithElement https://bugs.webkit.org/show_bug.cgi?id=48581 The crash was caused by a false assertion that we can always recover selection in ApplyStyleCommand::removeInlineStyle. Fixed the crash by removing the assertion and adding an early exit to the call site. Also converted raw pointers to RefPtr in surroundNodeRangeWithElement and addInlineStyleIfNeeded. Test (non-Mac platforms): editing/style/iframe-onload-crash.html * editing/ApplyStyleCommand.cpp: (WebCore::ApplyStyleCommand::applyInlineStyle): (WebCore::ApplyStyleCommand::removeInlineStyle): (WebCore::ApplyStyleCommand::surroundNodeRangeWithElement): (WebCore::ApplyStyleCommand::addInlineStyleIfNeeded): * editing/ApplyStyleCommand.h: 2010-11-04 Ryosuke Niwa <rniwa@webkit.org> Reviewed by Darin Adler. Re-enabled editing/style/iframe-onload-crash.html on Chromium, Qt, and Windows platforms. * platform/chromium/test_expectations.txt: * platform/qt/Skipped: * platform/win/Skipped: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@71431 268f45cc-cd09-0410-ab3c-d52691b4dbfccaa18c1b
