[webkit-changes] [WebKit/WebKit] 6231b9: Assertion failure in TreeScopeOrderedMap::add by T...
Ryosuke Niwa
noreply at github.com
Thu Nov 3 12:35:34 PDT 2022
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 6231b9849576f85498673d386c5fb5b8f961c561
https://github.com/WebKit/WebKit/commit/6231b9849576f85498673d386c5fb5b8f961c561
Author: Ryosuke Niwa <rniwa at webkit.org>
Date: 2022-11-03 (Thu, 03 Nov 2022)
Changed paths:
A LayoutTests/fast/dom/move-element-with-empty-name-crash-expected.txt
A LayoutTests/fast/dom/move-element-with-empty-name-crash.html
M Source/WebCore/dom/Element.cpp
Log Message:
-----------
Assertion failure in TreeScopeOrderedMap::add by TreeScope::addElementByName
https://bugs.webkit.org/show_bug.cgi?id=247412
Reviewed by Wenson Hsieh.
The assertion failure is caused by insertedIntoAncestor registering an element with an empty name
into TreeScope::m_elementsByName but removedFromAncestor not removing the element from it.
Fixed the bug by avoid adding such an element to m_elementsByName. TreeScope::getElementByName is
only used by CachedHTMLCollection<HTMLCollectionClass, traversalType>::namedItem, and this function
returns early when the input string is empty.
* LayoutTests/fast/dom/move-element-with-empty-name-crash-expected.txt: Added.
* LayoutTests/fast/dom/move-element-with-empty-name-crash.html: Added.
* Source/WebCore/dom/Element.cpp:
(WebCore::Element::insertedIntoAncestor):
Canonical link: https://commits.webkit.org/256286@main
More information about the webkit-changes
mailing list