New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 605499 link

Starred by 0 users

Issue metadata

Status: WontFix
Owner:
Closed: Dec 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug

Blocked on:
issue 625533



Sign in to add a comment

ASSERTION FAILED: currentPos.atStartOfNode()

Project Member Reported by ClusterFuzz, Apr 21 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6243545467322368

Fuzzer: inferno_twister
Job Type: linux_debug_content_shell_drt
Platform Id: linux

Crash Type: ASSERT
Crash Address: 
Crash State:
  ASSERTION FAILED: currentPos.atStartOfNode()
  blink::PositionTemplate<blink::EditingAlgorithm<blink::NodeTraversal> > blink::m
  blink::mostForwardCaretPosition
  

Minimized Testcase (0.23 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94UwOEpsnrIvjdwQKkhCqlZgfenvWCqVnvtpV5HRe00C-Lyoou-b63gqSgxF6MkDWup3en2NNBUGMLJnjrTWqbBnGZrjcNCf3Lj8UUBPSgaY0oAILUMad2cwf3xLVt9txG-ABOvgDt_aaCogjjaog9WFdH8Dg
<script>
function editingTest() {
    document.execCommand('SelectAll')
    document.body.textContent = "PASS. WebKit didn't crash.";
};
</script>
<style>* ::first-letter {
    visibility: hidden
</style>
<body onload=editingTest()>


Filer: ssamanoori

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 
Components: Blink>Editing
Labels: findit-for-crash Te-Logged ToolsTestsFindItCorrectResult M-50
Owner: yoichio@chromium.org
Status: Assigned (was: Available)
	Regression information is not available. The result is the blame information.

Author: yoichio@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/fdcc2218d0cad104d2c3cd85c7d2875ec782116b
Time: Thu Aug 20 08:21:08 2015
The CL last changed line 2570 of file VisibleUnits.cpp, which is stack frame 0.

Author: yoichio@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/741bea9a29d4f97a4467c3d601ad720e02711e44
Time: Fri Aug 21 08:38:08 2015
The CL last changed line 2621 of file VisibleUnits.cpp, which is stack frame 1.

Author: yosin@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/00d9f74fb98ac403c2067a1b3fc88e64b46a3700
Time: Tue Sep 01 07:07:15 2015
The CL last changed line 114 of file VisibleUnits.cpp, which is stack frame 2.

Author: yosin@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/00d9f74fb98ac403c2067a1b3fc88e64b46a3700
Time: Tue Sep 01 07:07:15 2015
The CL last changed line 163 of file VisibleUnits.cpp, which is stack frame 3.

Author: yosin
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/295a06cf79d635079bf750560457a724f6a8e16e
Time: Tue Sep 29 11:16:28 2015
The CL last changed line 65 of file VisiblePosition.cpp, which is stack frame 4.

Author: yosin@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/9047308a9fb4ba91b052b2e7f9f02b09a7f42e19
Time: Mon Sep 07 06:19:55 2015
The CL last changed line 87 of file VisiblePosition.cpp, which is stack frame 5.

Author: yosin@chromium.org
Component: chromium
Changelist: https://chromium.googlesource.com/chromium/src//+/9047308a9fb4ba91b052b2e7f9f02b09a7f42e19
Time: Mon Sep 07 06:19:55 2015
The CL last changed line 82 of file VisiblePosition.cpp, which is stack frame 6.

Suspected Component: chromium
================================
Above is the only CL from findit and the changes made to file "VisibleUnits.cpp" from the frame 0 is more related to it. 

yoichio@ :Could you please look into this issue if it is related to your change,else please route this issue to an appropriate dev person.

Thanks,

Comment 2 by yosin@chromium.org, Jul 4 2016

Owner: yosin@chromium.org
We should make FrameSelection to aware style changes.
This should be fixed by lazy visible canonicalization.

Comment 3 by yosin@chromium.org, Jul 4 2016

Blockedon: 625533
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by yosin@chromium.org, Nov 28 2016

Status: Started (was: Assigned)
WIP: http://crrev.com/1958093002
Project Member

Comment 6 by ClusterFuzz, Dec 28 2016

Status: WontFix (was: Started)
ClusterFuzz testcase 6243545467322368 is flaky and no longer reproduces, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Project Member

Comment 7 by bugdroid1@chromium.org, Feb 13 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/157413286770a7ac5a24c446a30c08f749738276

commit 157413286770a7ac5a24c446a30c08f749738276
Author: yosin <yosin@chromium.org>
Date: Mon Feb 13 10:55:13 2017

Make FrameSelection to hold non-canonicalized DOM positions

This patch makes |FrameSelection| to hold non-canonicalized DOM positions in
|SelectionEditor| to align Selection API specification[1] for improving
interoperatbility[2].

Before this patch we holds selection as |VisibleSelection| as canonicalized
DOM positions. This behavior is not align with Selection API specification[1]
then the most complained issue of Blink from editing-tf@w3c.

The heart of this patch is holding selection as |SelectionInDOMTree| and
compute |VisibleSelection| on-demand with cache of computed |VisibleSelection|.

|VisibleSelection| cache is invalidate each DOM tree change and style change
since canonicalization referes CSS style properties, e.g display, visibility,
-webkit-user-modify, etc, and layout dimension.

|SelectionEditor| utilizes |SynchronousMutationObserver| to relocate
|m_selectionInDOMTree| instead of |FrameSelection|. Before this patch
|FrameSelection| relocates |VisibleSelection| with dirty layout tree then
sets |FrameSelection::setSelection()|. To void cyclic reference between
|FrameSelection| and |SelectionEditor|, we could not move relocation part to
|SelectionEditor|.

This patch also updates
|FrameSelection::updatePostionAfterAdoptingTextNodesMerged()| to handle
|PositonAnchorType|.

# Highlight of changes
## FrameCaret
- Compute caret position after "layout clean" rather than each selection change
to align rendering pipeline.

## CharacterData
Changes timing of notifying character data update for ease of relocation of
positions.

## FrameSelection
- Move |m_isHandleVisible| to |SelectionInDOMTree| as follow-up of [5].
- Move selection relocation to |SelectionEditor|; following patch will move
implementations to "SelectionEditor.cpp"

## SelecitonEdtior
- Make it to hold |SelectionInDOMTree| with relocation at DOM mutation.
- Caching |VisibleSelection|

# Brief description of test expectation changes:
## ImeTest.java:
This patch gets rid of redundant selection change event from
 - |testImePaste|,
 - |testContentEditableEvents_DeleteSurroundingText|
 - |testInputTextEvents_DeleteSurroundingText|

## LayoutTests
Before this patch, Blink uses |VisibleSelection| when it sets even if style and
layout changed. This is wrong and unexpected behavior since positions in
|VisibleSelection| can no longer be canonicalized positions. This patch changes
this behavior to return "sane" canonicalized positions with clean style and
layout tree.

This patch is the result of many attempts. Previous changes can be found in
[3][4].

[1] https://www.w3.org/TR/selection-api/ W3C Selection API
[2] https://goo.gl/9v1zOK Improving Interoperatbility of Selection
[3] http://crrev.com/1958093002
[4] http://crrev.com/2637013002
[5] http://crrev.com/2651803007 Added isHandleVisible to |SelectionTemplate|

BUG= 139552 ,  603684 ,  605499 ,  606499 ,  625533 ,  644648 ,  679991 
TEST=See changes in this patch
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2680943004
Cr-Commit-Position: refs/heads/master@{#449928}

[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/content/public/android/javatests/src/org/chromium/content/browser/input/ImeTest.java
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/editing/execCommand/crash-indenting-list-item.html
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/editing/execCommand/crash-inserting-list.html
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/editing/execCommand/format-block-multiple-paragraphs-in-pre.html
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/editing/execCommand/remove_format_and_extract_contents.html
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/editing/selection/character-data-mutation.html
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/editing/selection/document-mutation.html
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/editing/selection/select_all/select_all_details_crash.html
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/editing/selection/select_all/select_all_iframe_crash.html
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/editing/selection/selection_remove_children.html
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/editing/style/justify-left-crash.html
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/editing/undo/redo-selection-modify-crash.html
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/fast/dom/delete-contents.html
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/fast/dom/shadow/selection-in-nested-shadow.html
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/fast/dynamic/move-node-with-selection.html
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/fast/events/drag_and_drop_into_removed_on_focus.html
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/images/element-gcd-while-generating-alt-content-expected.txt
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/platform/mac/fast/css/first-letter-rtc-crash-expected.txt
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/platform/win/fast/css/first-letter-rtc-crash-expected.txt
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/LayoutTests/svg/foreignObject/viewport-foreignobject-crash-expected.html
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/Source/core/editing/FrameCaret.cpp
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/Source/core/editing/FrameCaret.h
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/Source/core/editing/FrameSelection.cpp
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/Source/core/editing/FrameSelection.h
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/Source/core/editing/FrameSelectionTest.cpp
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/Source/core/editing/SelectionEditor.cpp
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/Source/core/editing/SelectionEditor.h
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/Source/core/editing/VisibleSelection.cpp
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/Source/core/frame/FrameView.cpp
[modify] https://crrev.com/157413286770a7ac5a24c446a30c08f749738276/third_party/WebKit/Source/core/page/FocusController.cpp

Project Member

Comment 8 by bugdroid1@chromium.org, Feb 13 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/47591962f15392d4af5eb1f69f3b79a8e2990947

commit 47591962f15392d4af5eb1f69f3b79a8e2990947
Author: gcasto <gcasto@chromium.org>
Date: Mon Feb 13 18:25:57 2017

Revert of Make FrameSelection to hold non-canonicalized positions (patchset #9 id:180001 of https://codereview.chromium.org/2680943004/ )

Reason for revert:
This patch looks like it is causing failures in editing/execCommand/move-up-down-should-skip-hidden-elements.html on Windows 7 (https://uberchromegw.corp.google.com/i/chromium.webkit/builders/WebKit%20Win7%20%28dbg%29).

Original issue's description:
> Make FrameSelection to hold non-canonicalized DOM positions
>
> This patch makes |FrameSelection| to hold non-canonicalized DOM positions in
> |SelectionEditor| to align Selection API specification[1] for improving
> interoperatbility[2].
>
> Before this patch we holds selection as |VisibleSelection| as canonicalized
> DOM positions. This behavior is not align with Selection API specification[1]
> then the most complained issue of Blink from editing-tf@w3c.
>
> The heart of this patch is holding selection as |SelectionInDOMTree| and
> compute |VisibleSelection| on-demand with cache of computed |VisibleSelection|.
>
> |VisibleSelection| cache is invalidate each DOM tree change and style change
> since canonicalization referes CSS style properties, e.g display, visibility,
> -webkit-user-modify, etc, and layout dimension.
>
> |SelectionEditor| utilizes |SynchronousMutationObserver| to relocate
> |m_selectionInDOMTree| instead of |FrameSelection|. Before this patch
> |FrameSelection| relocates |VisibleSelection| with dirty layout tree then
> sets |FrameSelection::setSelection()|. To void cyclic reference between
> |FrameSelection| and |SelectionEditor|, we could not move relocation part to
> |SelectionEditor|.
>
> This patch also updates
> |FrameSelection::updatePostionAfterAdoptingTextNodesMerged()| to handle
> |PositonAnchorType|.
>
> # Highlight of changes
> ## FrameCaret
> - Compute caret position after "layout clean" rather than each selection change
> to align rendering pipeline.
>
> ## CharacterData
> Changes timing of notifying character data update for ease of relocation of
> positions.
>
> ## FrameSelection
> - Move |m_isHandleVisible| to |SelectionInDOMTree| as follow-up of [5].
> - Move selection relocation to |SelectionEditor|; following patch will move
> implementations to "SelectionEditor.cpp"
>
> ## SelecitonEdtior
> - Make it to hold |SelectionInDOMTree| with relocation at DOM mutation.
> - Caching |VisibleSelection|
>
> # Brief description of test expectation changes:
> ## ImeTest.java:
> This patch gets rid of redundant selection change event from
>  - |testImePaste|,
>  - |testContentEditableEvents_DeleteSurroundingText|
>  - |testInputTextEvents_DeleteSurroundingText|
>
> ## LayoutTests
> Before this patch, Blink uses |VisibleSelection| when it sets even if style and
> layout changed. This is wrong and unexpected behavior since positions in
> |VisibleSelection| can no longer be canonicalized positions. This patch changes
> this behavior to return "sane" canonicalized positions with clean style and
> layout tree.
>
> This patch is the result of many attempts. Previous changes can be found in
> [3][4].
>
> [1] https://www.w3.org/TR/selection-api/ W3C Selection API
> [2] https://goo.gl/9v1zOK Improving Interoperatbility of Selection
> [3] http://crrev.com/1958093002
> [4] http://crrev.com/2637013002
> [5] http://crrev.com/2651803007 Added isHandleVisible to |SelectionTemplate|
>
> BUG= 139552 ,  603684 ,  605499 ,  606499 ,  625533 ,  644648 ,  679991 
> TEST=See changes in this patch
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
>
> Review-Url: https://codereview.chromium.org/2680943004
> Cr-Commit-Position: refs/heads/master@{#449928}
> Committed: https://chromium.googlesource.com/chromium/src/+/157413286770a7ac5a24c446a30c08f749738276

TBR=tkent@chromium.org,changwan@chromium.org,xiaochengh@chromium.org,yoichio@chromium.org,yosin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 139552 ,  603684 ,  605499 ,  606499 ,  625533 ,  644648 ,  679991 

Review-Url: https://codereview.chromium.org/2694823002
Cr-Commit-Position: refs/heads/master@{#450018}

[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/content/public/android/javatests/src/org/chromium/content/browser/input/ImeTest.java
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/editing/execCommand/crash-indenting-list-item.html
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/editing/execCommand/crash-inserting-list.html
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/editing/execCommand/format-block-multiple-paragraphs-in-pre.html
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/editing/execCommand/remove_format_and_extract_contents.html
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/editing/selection/character-data-mutation.html
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/editing/selection/document-mutation.html
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/editing/selection/select_all/select_all_details_crash.html
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/editing/selection/select_all/select_all_iframe_crash.html
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/editing/selection/selection_remove_children.html
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/editing/style/justify-left-crash.html
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/editing/undo/redo-selection-modify-crash.html
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/fast/dom/delete-contents.html
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/fast/dom/shadow/selection-in-nested-shadow.html
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/fast/dynamic/move-node-with-selection.html
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/fast/events/drag_and_drop_into_removed_on_focus.html
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/images/element-gcd-while-generating-alt-content-expected.txt
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/platform/mac/fast/css/first-letter-rtc-crash-expected.txt
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/platform/win/fast/css/first-letter-rtc-crash-expected.txt
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/LayoutTests/svg/foreignObject/viewport-foreignobject-crash-expected.html
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/Source/core/editing/FrameCaret.cpp
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/Source/core/editing/FrameCaret.h
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/Source/core/editing/FrameSelection.cpp
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/Source/core/editing/FrameSelection.h
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/Source/core/editing/FrameSelectionTest.cpp
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/Source/core/editing/SelectionEditor.cpp
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/Source/core/editing/SelectionEditor.h
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/Source/core/editing/VisibleSelection.cpp
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/Source/core/frame/FrameView.cpp
[modify] https://crrev.com/47591962f15392d4af5eb1f69f3b79a8e2990947/third_party/WebKit/Source/core/page/FocusController.cpp

Project Member

Comment 9 by bugdroid1@chromium.org, Feb 14 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/17c84b2b6519c821dc319e79f2a7a4508508e20f

commit 17c84b2b6519c821dc319e79f2a7a4508508e20f
Author: yosin <yosin@chromium.org>
Date: Tue Feb 14 06:34:37 2017

Make FrameSelection to hold non-canonicalized DOM positions

This patch makes |FrameSelection| to hold non-canonicalized DOM positions in
|SelectionEditor| to align Selection API specification[1] for improving
interoperatbility[2].

Before this patch we holds selection as |VisibleSelection| as canonicalized
DOM positions. This behavior is not align with Selection API specification[1]
then the most complained issue of Blink from editing-tf@w3c.

The heart of this patch is holding selection as |SelectionInDOMTree| and
compute |VisibleSelection| on-demand with cache of computed |VisibleSelection|.

|VisibleSelection| cache is invalidate each DOM tree change and style change
since canonicalization referes CSS style properties, e.g display, visibility,
-webkit-user-modify, etc, and layout dimension.

|SelectionEditor| utilizes |SynchronousMutationObserver| to relocate
|m_selectionInDOMTree| instead of |FrameSelection|. Before this patch
|FrameSelection| relocates |VisibleSelection| with dirty layout tree then
sets |FrameSelection::setSelection()|. To void cyclic reference between
|FrameSelection| and |SelectionEditor|, we could not move relocation part to
|SelectionEditor|.

This patch also updates
|FrameSelection::updatePostionAfterAdoptingTextNodesMerged()| to handle
|PositonAnchorType|.

# Highlight of changes
## FrameCaret
- Compute caret position after "layout clean" rather than each selection change
to align rendering pipeline.

## CharacterData
Changes timing of notifying character data update for ease of relocation of
positions.

## FrameSelection
- Move |m_isHandleVisible| to |SelectionInDOMTree| as follow-up of [5].
- Move selection relocation to |SelectionEditor|; following patch will move
implementations to "SelectionEditor.cpp"

## SelecitonEdtior
- Make it to hold |SelectionInDOMTree| with relocation at DOM mutation.
- Caching |VisibleSelection|

# Brief description of test expectation changes:
## ImeTest.java:
This patch gets rid of redundant selection change event from
 - |testImePaste|,
 - |testContentEditableEvents_DeleteSurroundingText|
 - |testInputTextEvents_DeleteSurroundingText|

## LayoutTests
Before this patch, Blink uses |VisibleSelection| when it sets even if style and
layout changed. This is wrong and unexpected behavior since positions in
|VisibleSelection| can no longer be canonicalized positions. This patch changes
this behavior to return "sane" canonicalized positions with clean style and
layout tree.

This patch is the result of many attempts. Previous changes can be found in
[3][4].

[1] https://www.w3.org/TR/selection-api/ W3C Selection API
[2] https://goo.gl/9v1zOK Improving Interoperatbility of Selection
[3] http://crrev.com/1958093002
[4] http://crrev.com/2637013002
[5] http://crrev.com/2651803007 Added isHandleVisible to |SelectionTemplate|

BUG= 139552 ,  603684 ,  605499 ,  606499 ,  625533 ,  644648 ,  679991 
TEST=See changes in this patch
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2680943004
Cr-Original-Commit-Position: refs/heads/master@{#449928}
Committed: https://chromium.googlesource.com/chromium/src/+/157413286770a7ac5a24c446a30c08f749738276
Review-Url: https://codereview.chromium.org/2680943004
Cr-Commit-Position: refs/heads/master@{#450280}

[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/content/public/android/javatests/src/org/chromium/content/browser/input/ImeTest.java
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/editing/execCommand/crash-indenting-list-item.html
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/editing/execCommand/crash-inserting-list.html
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/editing/execCommand/format-block-multiple-paragraphs-in-pre.html
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/editing/execCommand/remove_format_and_extract_contents.html
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/editing/selection/character-data-mutation.html
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/editing/selection/document-mutation.html
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/editing/selection/select_all/select_all_details_crash.html
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/editing/selection/select_all/select_all_iframe_crash.html
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/editing/selection/selection_remove_children.html
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/editing/style/justify-left-crash.html
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/editing/undo/redo-selection-modify-crash.html
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/fast/dom/delete-contents.html
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/fast/dom/shadow/selection-in-nested-shadow.html
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/fast/dynamic/move-node-with-selection.html
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/fast/events/drag_and_drop_into_removed_on_focus.html
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/images/element-gcd-while-generating-alt-content-expected.txt
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/platform/mac/fast/css/first-letter-rtc-crash-expected.txt
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/platform/win/fast/css/first-letter-rtc-crash-expected.txt
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/LayoutTests/svg/foreignObject/viewport-foreignobject-crash-expected.html
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/Source/core/editing/FrameCaret.cpp
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/Source/core/editing/FrameCaret.h
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/Source/core/editing/FrameSelection.cpp
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/Source/core/editing/FrameSelection.h
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/Source/core/editing/FrameSelectionTest.cpp
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/Source/core/editing/SelectionEditor.cpp
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/Source/core/editing/SelectionEditor.h
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/Source/core/editing/VisibleSelection.cpp
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/Source/core/frame/FrameView.cpp
[modify] https://crrev.com/17c84b2b6519c821dc319e79f2a7a4508508e20f/third_party/WebKit/Source/core/page/FocusController.cpp

Project Member

Comment 10 by bugdroid1@chromium.org, Feb 14 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8f2a1baf12aa71d59d72e24583983b8a6b78340a

commit 8f2a1baf12aa71d59d72e24583983b8a6b78340a
Author: tyoshino <tyoshino@chromium.org>
Date: Tue Feb 14 08:18:39 2017

Revert of Make FrameSelection to hold non-canonicalized positions (patchset #9 id:180001 of https://codereview.chromium.org/2680943004/ )

Reason for revert:
See https://codereview.chromium.org/2680943004/#msg70

Original issue's description:
> Make FrameSelection to hold non-canonicalized DOM positions
>
> This patch makes |FrameSelection| to hold non-canonicalized DOM positions in
> |SelectionEditor| to align Selection API specification[1] for improving
> interoperatbility[2].
>
> Before this patch we holds selection as |VisibleSelection| as canonicalized
> DOM positions. This behavior is not align with Selection API specification[1]
> then the most complained issue of Blink from editing-tf@w3c.
>
> The heart of this patch is holding selection as |SelectionInDOMTree| and
> compute |VisibleSelection| on-demand with cache of computed |VisibleSelection|.
>
> |VisibleSelection| cache is invalidate each DOM tree change and style change
> since canonicalization referes CSS style properties, e.g display, visibility,
> -webkit-user-modify, etc, and layout dimension.
>
> |SelectionEditor| utilizes |SynchronousMutationObserver| to relocate
> |m_selectionInDOMTree| instead of |FrameSelection|. Before this patch
> |FrameSelection| relocates |VisibleSelection| with dirty layout tree then
> sets |FrameSelection::setSelection()|. To void cyclic reference between
> |FrameSelection| and |SelectionEditor|, we could not move relocation part to
> |SelectionEditor|.
>
> This patch also updates
> |FrameSelection::updatePostionAfterAdoptingTextNodesMerged()| to handle
> |PositonAnchorType|.
>
> # Highlight of changes
> ## FrameCaret
> - Compute caret position after "layout clean" rather than each selection change
> to align rendering pipeline.
>
> ## CharacterData
> Changes timing of notifying character data update for ease of relocation of
> positions.
>
> ## FrameSelection
> - Move |m_isHandleVisible| to |SelectionInDOMTree| as follow-up of [5].
> - Move selection relocation to |SelectionEditor|; following patch will move
> implementations to "SelectionEditor.cpp"
>
> ## SelecitonEdtior
> - Make it to hold |SelectionInDOMTree| with relocation at DOM mutation.
> - Caching |VisibleSelection|
>
> # Brief description of test expectation changes:
> ## ImeTest.java:
> This patch gets rid of redundant selection change event from
>  - |testImePaste|,
>  - |testContentEditableEvents_DeleteSurroundingText|
>  - |testInputTextEvents_DeleteSurroundingText|
>
> ## LayoutTests
> Before this patch, Blink uses |VisibleSelection| when it sets even if style and
> layout changed. This is wrong and unexpected behavior since positions in
> |VisibleSelection| can no longer be canonicalized positions. This patch changes
> this behavior to return "sane" canonicalized positions with clean style and
> layout tree.
>
> This patch is the result of many attempts. Previous changes can be found in
> [3][4].
>
> [1] https://www.w3.org/TR/selection-api/ W3C Selection API
> [2] https://goo.gl/9v1zOK Improving Interoperatbility of Selection
> [3] http://crrev.com/1958093002
> [4] http://crrev.com/2637013002
> [5] http://crrev.com/2651803007 Added isHandleVisible to |SelectionTemplate|
>
> BUG= 139552 ,  603684 ,  605499 ,  606499 ,  625533 ,  644648 ,  679991 
> TEST=See changes in this patch
> CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2
>
> Review-Url: https://codereview.chromium.org/2680943004
> Cr-Original-Commit-Position: refs/heads/master@{#449928}
> Committed: https://chromium.googlesource.com/chromium/src/+/157413286770a7ac5a24c446a30c08f749738276
> Review-Url: https://codereview.chromium.org/2680943004
> Cr-Commit-Position: refs/heads/master@{#450280}
> Committed: https://chromium.googlesource.com/chromium/src/+/17c84b2b6519c821dc319e79f2a7a4508508e20f

TBR=changwan@chromium.org,tkent@chromium.org,xiaochengh@chromium.org,yoichio@chromium.org,yosin@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 139552 ,  603684 ,  605499 ,  606499 ,  625533 ,  644648 ,  679991 

Review-Url: https://codereview.chromium.org/2691243002
Cr-Commit-Position: refs/heads/master@{#450291}

[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/content/public/android/javatests/src/org/chromium/content/browser/input/ImeTest.java
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/editing/execCommand/crash-indenting-list-item.html
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/editing/execCommand/crash-inserting-list.html
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/editing/execCommand/format-block-multiple-paragraphs-in-pre.html
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/editing/execCommand/remove_format_and_extract_contents.html
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/editing/selection/character-data-mutation.html
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/editing/selection/document-mutation.html
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/editing/selection/select_all/select_all_details_crash.html
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/editing/selection/select_all/select_all_iframe_crash.html
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/editing/selection/selection_remove_children.html
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/editing/style/justify-left-crash.html
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/editing/undo/redo-selection-modify-crash.html
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/fast/dom/delete-contents.html
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/fast/dom/shadow/selection-in-nested-shadow.html
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/fast/dynamic/move-node-with-selection.html
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/fast/events/drag_and_drop_into_removed_on_focus.html
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/images/element-gcd-while-generating-alt-content-expected.txt
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/platform/mac/fast/css/first-letter-rtc-crash-expected.txt
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/platform/win/fast/css/first-letter-rtc-crash-expected.txt
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/LayoutTests/svg/foreignObject/viewport-foreignobject-crash-expected.html
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/Source/core/editing/FrameCaret.cpp
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/Source/core/editing/FrameCaret.h
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/Source/core/editing/FrameSelection.cpp
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/Source/core/editing/FrameSelection.h
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/Source/core/editing/FrameSelectionTest.cpp
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/Source/core/editing/SelectionEditor.cpp
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/Source/core/editing/SelectionEditor.h
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/Source/core/editing/VisibleSelection.cpp
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/Source/core/frame/FrameView.cpp
[modify] https://crrev.com/8f2a1baf12aa71d59d72e24583983b8a6b78340a/third_party/WebKit/Source/core/page/FocusController.cpp

Project Member

Comment 11 by bugdroid1@chromium.org, Feb 14 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d892f9592860691ae9a782c12260c94ed6bd1a63

commit d892f9592860691ae9a782c12260c94ed6bd1a63
Author: yosin <yosin@chromium.org>
Date: Tue Feb 14 15:56:00 2017

Make FrameSelection to hold non-canonicalized DOM positions

This patch makes |FrameSelection| to hold non-canonicalized DOM positions in
|SelectionEditor| to align Selection API specification[1] for improving
interoperatbility[2].

Before this patch we holds selection as |VisibleSelection| as canonicalized
DOM positions. This behavior is not align with Selection API specification[1]
then the most complained issue of Blink from editing-tf@w3c.

The heart of this patch is holding selection as |SelectionInDOMTree| and
compute |VisibleSelection| on-demand with cache of computed |VisibleSelection|.

|VisibleSelection| cache is invalidate each DOM tree change and style change
since canonicalization referes CSS style properties, e.g display, visibility,
-webkit-user-modify, etc, and layout dimension.

|SelectionEditor| utilizes |SynchronousMutationObserver| to relocate
|m_selectionInDOMTree| instead of |FrameSelection|. Before this patch
|FrameSelection| relocates |VisibleSelection| with dirty layout tree then
sets |FrameSelection::setSelection()|. To void cyclic reference between
|FrameSelection| and |SelectionEditor|, we could not move relocation part to
|SelectionEditor|.

This patch also updates
|FrameSelection::updatePostionAfterAdoptingTextNodesMerged()| to handle
|PositonAnchorType|.

# Highlight of changes
## FrameCaret
- Compute caret position after "layout clean" rather than each selection change
to align rendering pipeline.

## CharacterData
Changes timing of notifying character data update for ease of relocation of
positions.

## FrameSelection
- Move |m_isHandleVisible| to |SelectionInDOMTree| as follow-up of [5].
- Move selection relocation to |SelectionEditor|; following patch will move
implementations to "SelectionEditor.cpp"

## SelecitonEdtior
- Make it to hold |SelectionInDOMTree| with relocation at DOM mutation.
- Caching |VisibleSelection|

# Brief description of test expectation changes:
## ImeTest.java:
This patch gets rid of redundant selection change event from
 - |testImePaste|,
 - |testContentEditableEvents_DeleteSurroundingText|
 - |testInputTextEvents_DeleteSurroundingText|

## LayoutTests
Before this patch, Blink uses |VisibleSelection| when it sets even if style and
layout changed. This is wrong and unexpected behavior since positions in
|VisibleSelection| can no longer be canonicalized positions. This patch changes
this behavior to return "sane" canonicalized positions with clean style and
layout tree.

This patch is the result of many attempts. Previous changes can be found in
[3][4].

[1] https://www.w3.org/TR/selection-api/ W3C Selection API
[2] https://goo.gl/9v1zOK Improving Interoperatbility of Selection
[3] http://crrev.com/1958093002
[4] http://crrev.com/2637013002
[5] http://crrev.com/2651803007 Added isHandleVisible to |SelectionTemplate|

BUG= 139552 ,  603684 ,  605499 ,  606499 ,  625533 ,  644648 ,  679991 
TEST=See changes in this patch
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_layout_tests_slimming_paint_v2

Review-Url: https://codereview.chromium.org/2680943004
Cr-Original-Original-Commit-Position: refs/heads/master@{#449928}
Committed: https://chromium.googlesource.com/chromium/src/+/157413286770a7ac5a24c446a30c08f749738276
Review-Url: https://codereview.chromium.org/2680943004
Cr-Original-Commit-Position: refs/heads/master@{#450280}
Committed: https://chromium.googlesource.com/chromium/src/+/17c84b2b6519c821dc319e79f2a7a4508508e20f
Review-Url: https://codereview.chromium.org/2680943004
Cr-Commit-Position: refs/heads/master@{#450370}

[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/content/public/android/javatests/src/org/chromium/content/browser/input/ImeTest.java
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/editing/deleting/delete-br-001-expected.txt
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/editing/deleting/delete-br-001.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/editing/deleting/delete-character-003-expected.txt
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/editing/deleting/delete-character-003.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/editing/execCommand/crash-indenting-list-item.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/editing/execCommand/crash-inserting-list.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/editing/execCommand/format-block-multiple-paragraphs-in-pre.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/editing/execCommand/remove_format_and_extract_contents.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/editing/selection/character-data-mutation.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/editing/selection/document-mutation.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/editing/selection/select_all/select_all_details_crash.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/editing/selection/select_all/select_all_iframe_crash.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/editing/selection/selection_remove_children.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/editing/style/justify-left-crash.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/editing/undo/redo-selection-modify-crash.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/external/wpt/selection/collapse-00-expected.txt
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/external/wpt/selection/collapse-30-expected.txt
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/external/wpt/selection/collapseToStartEnd-expected.txt
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/fast/dom/delete-contents.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/fast/dom/shadow/selection-in-nested-shadow.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/fast/dynamic/move-node-with-selection.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/fast/events/drag_and_drop_into_removed_on_focus.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/images/element-gcd-while-generating-alt-content-expected.txt
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/platform/mac/fast/css/first-letter-rtc-crash-expected.txt
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/platform/win/fast/css/first-letter-rtc-crash-expected.txt
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/LayoutTests/svg/foreignObject/viewport-foreignobject-crash-expected.html
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/Source/core/editing/FrameCaret.cpp
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/Source/core/editing/FrameCaret.h
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/Source/core/editing/FrameSelection.cpp
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/Source/core/editing/FrameSelection.h
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/Source/core/editing/FrameSelectionTest.cpp
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/Source/core/editing/SelectionEditor.cpp
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/Source/core/editing/SelectionEditor.h
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/Source/core/editing/VisibleSelection.cpp
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/Source/core/frame/FrameView.cpp
[modify] https://crrev.com/d892f9592860691ae9a782c12260c94ed6bd1a63/third_party/WebKit/Source/core/page/FocusController.cpp

Sign in to add a comment