Chrome does not allow nested `Document.execCommand()` calls: https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/core/editing/commands/document_exec_command.cc;l=75;drc=301e5d079a1b4c29c5b17574d0470e6db7370acc On the other hand, Safari (and Firefox) allows it. However, it's worthwhile to follow Chrome's behavior because our editor security issues are usually found with nested `execCommand` calls. This patch makes `Document::ExecCommand()` return `false` when it's called while running another `Document::ExecCommand()` call on Nightly and early Beta. And this patch sets the pref to `true` when all crash tests under `editor/libeditor/crashtests` which depend on nested calls of `execCommand` run since same things may be reproducible with other DOM APIs.
Bug 1611374 Comment 3 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Chrome does not allow nested `Document.execCommand()` calls: https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/core/editing/commands/document_exec_command.cc;l=75;drc=301e5d079a1b4c29c5b17574d0470e6db7370acc On the other hand, Safari (and Firefox) allows it. However, it's worthwhile to follow Chrome's behavior. This patch makes `Document::ExecCommand()` return `false` when it's called while running another `Document::ExecCommand()` call on Nightly and early Beta. This is exactly same behavior, and we should watch broken web apps reports for a while before riding this on the train. And this patch sets the pref to `true` when all crash tests under `editor/libeditor/crashtests` which depend on nested calls of `execCommand` run since same things may be reproducible with other DOM APIs.