ed1bc278b276d660b5b80884dc9a655b0a17d258 - chromium/src

commit	ed1bc278b276d660b5b80884dc9a655b0a17d258	[log] [tgz]
author	sigbjornf@opera.com <sigbjornf@opera.com@bbb929c8-8fbe-4397-9dbb-9b2b20218538>	Wed Apr 09 19:00:32 2014
committer	sigbjornf@opera.com <sigbjornf@opera.com@bbb929c8-8fbe-4397-9dbb-9b2b20218538>	Wed Apr 09 19:00:32 2014
tree	f8e4a43f2b75a0bb423bc7ffc8df9e707742c632
parent	a1944d5b61faef68fb614c9154356a86c13c24bf [diff]

Add CharacterData.deleteData()/replaceData() overflow handling.

If the offset and count exceed the underlying length, the spec tells us

  http://dom.spec.whatwg.org/#concept-cd-replace (step 3)

to use a count that is equal to length minus the offset. Perform that
check in an overflow-sensitive manner.

(Change based on https://codereview.chromium.org/188693007/ )

R=
BUG=349898

Review URL: https://codereview.chromium.org/229793004

git-svn-id: svn://svn.chromium.org/blink/trunk@171165 bbb929c8-8fbe-4397-9dbb-9b2b20218538

third_party/WebKit/LayoutTests/fast/dom/Range/deleteData-replaceData-count-overflow-expected.txt[Added - diff]
third_party/WebKit/LayoutTests/fast/dom/Range/deleteData-replaceData-count-overflow.html[Added - diff]
third_party/WebKit/Source/core/dom/CharacterData.cpp[diff]
third_party/WebKit/Source/core/editing/FrameSelection.cpp[diff]

4 files changed

tree: f8e4a43f2b75a0bb423bc7ffc8df9e707742c632

third_party/