commit 9761a76f2452e9c719aedafc351618b098b9c278
parent 1b1577cc4a0ee3d1ffa62824873b5707fda5c7f5
Author: Jan-Niklas Jaeschke <jjaschke@mozilla.com>
Date: Mon, 8 Dec 2025 04:58:09 +0000
Bug 1991206 - Make `GetCommonFlattenedTreeAncestorForSelection()` return `nsINode` instead of `nsIContent`. r=smaug
This patch fixes a crash that occurs when a range boundary is
outside to the HTML element.
Differential Revision: https://phabricator.services.mozilla.com/D275375
Diffstat:
5 files changed, 36 insertions(+), 15 deletions(-)
diff --git a/dom/base/crashtests/1991206.html b/dom/base/crashtests/1991206.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<script>
+window.addEventListener("load", async () => {
+ const sup = document.getElementById("id_1")
+ const range = new Range()
+ const selection = window.getSelection()
+ const iterator = document.createNodeIterator(document, NodeFilter.SHOW_COMMENT, {
+ "acceptNode": async function(n) {
+ range.selectNodeContents(n)
+ }
+ })
+
+ iterator.nextNode()
+ range.setStartBefore(sup)
+ selection.addRange(range)
+})
+</script>
+<sup id="id_1"></sup>
+</html>
+<!-- COMMENT -->
+
+\ No newline at end of file
diff --git a/dom/base/crashtests/crashtests.list b/dom/base/crashtests/crashtests.list
@@ -283,3 +283,4 @@ load 1966485.html
load 1966466.html
load 1969289.html
load 1975990.html
+load 1991206.html
diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp
@@ -796,10 +796,8 @@ static auto* GetFlattenedTreeParent(const nsIContent* aContent) {
return aContent->GetFlattenedTreeParent();
}
-static nsIContent* GetFlattenedTreeParentNodeForSelection(
- const nsIContent* aNode) {
- nsINode* parent = aNode->GetFlattenedTreeParentNodeForSelection();
- return parent && parent->IsContent() ? parent->AsContent() : nullptr;
+static nsINode* GetFlattenedTreeParentNodeForSelection(const nsINode* aNode) {
+ return aNode->GetFlattenedTreeParentNodeForSelection();
}
static auto* GetFlattenedTreeParentElementForStyle(const Element* aElement) {
@@ -3322,14 +3320,14 @@ nsIContent* nsContentUtils::GetCommonFlattenedTreeAncestorHelper(
}
/* static */
-nsIContent* nsContentUtils::GetCommonFlattenedTreeAncestorForSelection(
- nsIContent* aContent1, nsIContent* aContent2) {
- if (aContent1 == aContent2) {
- return aContent1;
+nsINode* nsContentUtils::GetCommonFlattenedTreeAncestorForSelection(
+ nsINode* aNode1, nsINode* aNode2) {
+ if (aNode1 == aNode2) {
+ return aNode1;
}
- MOZ_ASSERT(aContent1);
- MOZ_ASSERT(aContent2);
- return CommonAncestors(*aContent1, *aContent2,
+ MOZ_ASSERT(aNode1);
+ MOZ_ASSERT(aNode2);
+ return CommonAncestors(*aNode1, *aNode2,
GetFlattenedTreeParentNodeForSelection)
.GetClosestCommonAncestor();
}
diff --git a/dom/base/nsContentUtils.h b/dom/base/nsContentUtils.h
@@ -549,8 +549,8 @@ class nsContentUtils {
* Returns the common flattened tree ancestor from the point of view of
* the selection system, if any, for two given content nodes.
*/
- static nsIContent* GetCommonFlattenedTreeAncestorForSelection(
- nsIContent* aContent1, nsIContent* aContent2);
+ static nsINode* GetCommonFlattenedTreeAncestorForSelection(nsINode* aNode1,
+ nsINode* aNode2);
/**
* Returns the common flattened tree ancestor from the point of view of the
diff --git a/editor/libeditor/HTMLEditor.cpp b/editor/libeditor/HTMLEditor.cpp
@@ -7134,9 +7134,9 @@ Element* HTMLEditor::ComputeEditingHostInternal(
if (!selectionCommonAncestor) {
selectionCommonAncestor = commonAncestor;
} else {
- selectionCommonAncestor =
+ selectionCommonAncestor = nsIContent::FromNodeOrNull(
nsContentUtils::GetCommonFlattenedTreeAncestorForSelection(
- commonAncestor, selectionCommonAncestor);
+ commonAncestor, selectionCommonAncestor));
}
}
if (selectionCommonAncestor) {
