Open
Bug 1943225
Opened 22 days ago
Updated 9 days ago
Fix inconsistent checks between `RangeUtils::ComputeRootNode()` and `nsFrameSelection::NodeIsInLimiters()`
Categories
(Core :: DOM: Selection, defect)
Core
DOM: Selection
Tracking
()
NEW
People
(Reporter: masayuki, Unassigned)
References
(Blocks 1 open bug)
Details
Therefore, nsFrameSelection
allows to cross a native anonymous subtree boundary when extending a selection range. Then, this assertion in nsRange::AssertIfMismatchRootAndRangeBoundaries()
must fail only in debug builds.
Finally, nsRange::DoSetRange()
add itself as a mutation observer to one of the roots. So, if the root is a parent of a native anonymous subtree, the other range boundary may not be tracked by the mutation observer. So, invalid nsRange
may appear after some mutations.
However, as far as I've tested with the native anonymous subtree of <details>
, selection is reset to in or outside of the native anonymous subtree. Therefore, I've not found actual case that this mismatch causes the crashes.
You need to log in
before you can comment on or make changes to this bug.
Description
•