Cherry-pick security fix in WebKit change 65748 See http://trac.webkit.org/changeset/65748 Bug: 2986936 Change-Id: Idd9927f39d49b8eadd589f1513cf5210cd9dfee0

commit: badca5a6d49b048c5dc9c5a847ab2d729b936b09 [log] [tgz]
author: Steve Block <steveblock@google.com> Thu Sep 09 11:55:57 2010 +0100
committer: Steve Block <steveblock@google.com> Thu Sep 09 12:20:26 2010 +0100
tree: 8fc1555554987d374034297ddd6c2b86395c1a66
parent: 0a05678e32a04623b93aa4d3990d14877ee80386 [diff]
diff --git a/WebCore/page/FocusController.cpp b/WebCore/page/FocusController.cpp
index bdd3151..c2bd251 100644
--- a/WebCore/page/FocusController.cpp
+++ b/WebCore/page/FocusController.cpp

@@ -335,11 +335,14 @@
         oldDocument->setFocusedNode(0);
     
     setFocusedFrame(newFocusedFrame);
-    
+
+    // Setting the focused node can result in losing our last reft to node when JS event handlers fire.
+    RefPtr<Node> protect = node;
     if (newDocument)
         newDocument->setFocusedNode(node);
-    
-    m_page->editorClient()->setInputMethodState(node->shouldUseInputMethod());
+
+    if (newDocument->focusedNode() == node)
+        m_page->editorClient()->setInputMethodState(node->shouldUseInputMethod());
 
     return true;
 }
commit	badca5a6d49b048c5dc9c5a847ab2d729b936b09	[log] [tgz]
author	Steve Block <steveblock@google.com>	Thu Sep 09 11:55:57 2010 +0100
committer	Steve Block <steveblock@google.com>	Thu Sep 09 12:20:26 2010 +0100
tree	8fc1555554987d374034297ddd6c2b86395c1a66
parent	0a05678e32a04623b93aa4d3990d14877ee80386 [diff]