Created attachment 627202 [details]
testcase (requires focus) (click the button)
###!!! ASSERTION: Must have view manager: '!isSafeToFlush || mViewManager', file layout/base/nsPresShell.cpp, line 3719
Might be a regression from bug 748961, which added a Flush_Style to nsTypedSelection::ToString.
These variations do *not* assert:
Using a fresh selection object "" + window.getSelection();
Forcing a full layout flush document.documentElement.offsetHeight
Created attachment 627203 [details]
Created attachment 627317 [details] [diff] [review]
GetPresShell use nsTypedSelection::mPresShellWeak which isn't nulled
out by DisconnectFromPresShell. Maybe we should, but let's take this
safe patch for now.
BTW, is Destroy'ing the pres shell expected when entering full screen mode?
(In reply to Mats Palmgren [:mats] from comment #3)
> BTW, is Destroy'ing the pres shell expected when entering full screen mode?
I think so, we change the position or display of some ancestor of the content document in chrome when we go into fullscreen, so it gets reframed.
Comment on attachment 627317 [details] [diff] [review]
This is safe.
Backed out in https://hg.mozilla.org/integration/mozilla-inbound/rev/cf9f2ec36992 despite probably being harmless and just keeping bad company in that push. Something in that push caused bug 759243, which horrifies me so much I wanted to kill it with as much fire as possible.