commit 15ee536019d871203b3959f6d3a5b3b412faeafc
parent 64ccd14e3f6fea4f70eb90c8fc2826d56867cc45
Author: Jan-Niklas Jaeschke <jjaschke@mozilla.com>
Date: Sat, 6 Dec 2025 19:44:24 +0000
Bug 2004005 - CSS Highlight API: Don't add invalid static ranges to Selection. r=smaug
Differential Revision: https://phabricator.services.mozilla.com/D275360
Diffstat:
2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/dom/base/Selection.cpp b/dom/base/Selection.cpp
@@ -1293,7 +1293,6 @@ nsresult Selection::StyledRanges::AddRangeAndIgnoreOverlaps(
MOZ_ASSERT(mSelection.mSelectionType == SelectionType::eHighlight);
if (aRange->IsStaticRange() && !aRange->AsStaticRange()->IsValid()) {
mInvalidStaticRanges.AppendElement(StyledRange(aRange));
- aRange->RegisterSelection(MOZ_KnownLive(mSelection));
return NS_OK;
}
@@ -1644,6 +1643,9 @@ void Selection::StyledRanges::ReorderRangesIfNecessary() {
MOZ_ASSERT(iter->mRange->IsStaticRange());
if (iter->mRange->AsStaticRange()->IsValid()) {
mRanges.AppendElement(*iter);
+ if (!iter->mRange->IsInSelection(mSelection)) {
+ iter->mRange->RegisterSelection(MOZ_KnownLive(mSelection));
+ }
iter = mInvalidStaticRanges.RemoveElementAt(iter);
} else {
++iter;
diff --git a/testing/web-platform/tests/css/css-highlight-api/Highlight-invalid-static-range-crash.html b/testing/web-platform/tests/css/css-highlight-api/Highlight-invalid-static-range-crash.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+
+<body onload="boom()">
+ <p id="A"></p>
+ <p id="B"></p>
+</body>
+
+<script>
+function boom() {
+ let highlight0 = new Highlight();
+
+ let range = new StaticRange({
+ endContainer: document.getElementById("A"),
+ startOffset: 1,
+ startContainer: document.getElementById("B"),
+ endOffset: 1,
+ });
+ CSS.highlights.set("highlight0", highlight0);
+
+ document.getElementById("A").remove();
+ highlight0.add(range);
+}
+</script>
