commit | ed1bc278b276d660b5b80884dc9a655b0a17d258 | [log] [tgz] |
---|---|---|
author | sigbjornf@opera.com <sigbjornf@opera.com@bbb929c8-8fbe-4397-9dbb-9b2b20218538> | Wed Apr 09 19:00:32 2014 |
committer | sigbjornf@opera.com <sigbjornf@opera.com@bbb929c8-8fbe-4397-9dbb-9b2b20218538> | Wed Apr 09 19:00:32 2014 |
tree | f8e4a43f2b75a0bb423bc7ffc8df9e707742c632 | |
parent | a1944d5b61faef68fb614c9154356a86c13c24bf [diff] |
Add CharacterData.deleteData()/replaceData() overflow handling. If the offset and count exceed the underlying length, the spec tells us http://dom.spec.whatwg.org/#concept-cd-replace (step 3) to use a count that is equal to length minus the offset. Perform that check in an overflow-sensitive manner. (Change based on https://codereview.chromium.org/188693007/ ) R= BUG=349898 Review URL: https://codereview.chromium.org/229793004 git-svn-id: svn://svn.chromium.org/blink/trunk@171165 bbb929c8-8fbe-4397-9dbb-9b2b20218538