Cherry-pick security fix in WebKit change 65748
See http://trac.webkit.org/changeset/65748
Bug: 2986936
Change-Id: Idd9927f39d49b8eadd589f1513cf5210cd9dfee0
diff --git a/WebCore/page/FocusController.cpp b/WebCore/page/FocusController.cpp
index bdd3151..c2bd251 100644
--- a/WebCore/page/FocusController.cpp
+++ b/WebCore/page/FocusController.cpp
@@ -335,11 +335,14 @@
oldDocument->setFocusedNode(0);
setFocusedFrame(newFocusedFrame);
-
+
+ // Setting the focused node can result in losing our last reft to node when JS event handlers fire.
+ RefPtr<Node> protect = node;
if (newDocument)
newDocument->setFocusedNode(node);
-
- m_page->editorClient()->setInputMethodState(node->shouldUseInputMethod());
+
+ if (newDocument->focusedNode() == node)
+ m_page->editorClient()->setInputMethodState(node->shouldUseInputMethod());
return true;
}
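Review bot: The added guard `if (newDocument->focusedNode() == node)` dereferences `newDocument` unconditionally, although the statement just above it still tests the same pointer with `if (newDocument)`. If `newDocument` can be null at this point, the new line turns a use-after-free fix into a null dereference on the focus path, so I would write `if (newDocument && newDocument->focusedNode() == node)`. The guard also silently skips `setInputMethodState` when an event handler moved focus elsewhere, which deserves a comment such as `// A focus/blur handler may have changed the focused node; only update IME state if node is still focused.` The comment above `protect` has a typo (`reft` should be `ref`). The enclosing function begins outside the hunk, so whether `newDocument` is ever null here cannot be confirmed from the visible lines.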