Bug 1248459 - Don't query out-of-bounds selection; r=masayuki
☠☠ backed out by 53003fb5d81a ☠ ☠
authorJim Chen <nchen@mozilla.com>
Fri, 26 Feb 2016 14:38:57 -0500
changeset 324095 6aeedf17f57775ea7a0c8d5345b7e8d774ce9fb4
parent 324094 d7c57e19077b31ed6ad07fa2f01286e0c03304cd
child 324096 62d7f81e434a07bcc00157cf827f179c5fbd8aaf
push id1128
push userjlund@mozilla.com
push dateWed, 01 Jun 2016 01:31:59 +0000
treeherdermozilla-release@fe0d30de989d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmasayuki
bugs1248459
milestone47.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1248459 - Don't query out-of-bounds selection; r=masayuki During a query selection event, fail if the selection is outside of the editor's root content. This can happen if the placeholder text in an input field is somehow selected. The placeholder is in a separate element outside of the root content.
dom/events/ContentEventHandler.cpp
--- a/dom/events/ContentEventHandler.cpp
+++ b/dom/events/ContentEventHandler.cpp
@@ -1118,16 +1118,25 @@ static nsresult GetFrameForTextRect(nsIN
 nsresult
 ContentEventHandler::OnQuerySelectedText(WidgetQueryContentEvent* aEvent)
 {
   nsresult rv = Init(aEvent);
   if (NS_FAILED(rv)) {
     return rv;
   }
 
+  nsINode* const startNode = mFirstSelectedRange->GetStartParent();
+  nsINode* const endNode = mFirstSelectedRange->GetEndParent();
+
+  // Make sure the selection is within the root content range.
+  if (!nsContentUtils::ContentIsDescendantOf(startNode, mRootContent) ||
+      !nsContentUtils::ContentIsDescendantOf(endNode, mRootContent)) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
   NS_ASSERTION(aEvent->mReply.mString.IsEmpty(),
                "The reply string must be empty");
 
   LineBreakType lineBreakType = GetLineBreakType(aEvent);
   rv = GetFlatTextLengthBefore(mFirstSelectedRange,
                                &aEvent->mReply.mOffset, lineBreakType);
   NS_ENSURE_SUCCESS(rv, rv);