REGRESSION (298476@main): [AX] Crash under WebCore::Editor::respondToChangedContents when VoiceOver is enabled

https://bugs.webkit.org/show_bug.cgi?id=301982
rdar://163230929

Reviewed by Abrar Rahman Protyasha.

Restore a null check for `node` in `Editor::respondToChangedContents` that was (effectively) removed
in 298476@main. Prior to that patch, we only passed a pointer into `AXObjectCache::postNotification`,
which would become a no-op if the `node` was null. After that change, we now (incorrectly) assume
the `node` is non-null and dereference it.

The selection start node might be null in the case where, while processing the editing command, we
mutated the DOM in such a way that the selection anchor is no longer connected or editable.

Test: accessibility/crash-when-deleting-hidden-element.html

* LayoutTests/accessibility/crash-when-deleting-hidden-element-expected.txt: Added.
* LayoutTests/accessibility/crash-when-deleting-hidden-element.html: Added.

Add a layout test to exercise the fix by verifying that we don't crash when accessibility is
enabled, under this codepath.

* Source/WebCore/editing/Editor.cpp:
(WebCore::Editor::respondToChangedContents):

Canonical link: https://commits.webkit.org/302581@main

Author: whsieh

LayoutTests/accessibility/crash-when-deleting-hidden-element-expected.txt

@@ -0,0 +1,4 @@
+ successfullyParsed is true
+
+TEST COMPLETE
+PASS

LayoutTests/accessibility/crash-when-deleting-hidden-element.html

@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="../resources/js-test.js"></script>
+<script>
+window.accessibilityController?.enableEnhancedAccessibility(true);
+
+addEventListener("load", () => {
+    document.execCommand("SelectAll");
+    const span = document.getElementsByTagName("span")[0];
+    span.contentEditable = true;
+    span.textContent = "bar";
+    document.execCommand("InsertText", false, "b");
+    document.body.textContent = "PASS";
+});
+</script>
+
+<style>
+* {
+    visibility: visible;
+}
+
+.inline {
+    display: inline;
+}
+
+* :only-child {
+    visibility: hidden;
+}
+</style>
+</head>
+<body>
+    <table>
+    <tr><td><span><table></table><span></span></span></td></tr>
+    <tr><td><td style="height: 100px;" class="inline">a</td></tr>
+    </table>
+</body>
+</html>

Source/WebCore/editing/Editor.cpp

@@ -838,9 +838,10 @@ bool Editor::shouldInsertText(const String& text, const std::optional<SimpleRang
 void Editor::respondToChangedContents(const VisibleSelection& endingSelection)
 {
     if (AXObjectCache::accessibilityEnabled()) {
-        RefPtr node = endingSelection.start().deprecatedNode();
-        if (AXObjectCache* cache = document().existingAXObjectCache())
-            cache->onEditableTextValueChanged(*node.get());
+        if (RefPtr node = endingSelection.start().deprecatedNode()) {
+            if (AXObjectCache* cache = document().existingAXObjectCache())
+                cache->onEditableTextValueChanged(*node.get());
+        }
     }
 
     updateMarkersForWordsAffectedByEditing(true);