[Webkit-unassigned] [Bug 15455] New: XML parser modifies the document when using foo.innerHtml = "some string"

bugzilla-daemon at webkit.org
Wed Oct 10 14:07:42 PDT 2007


http://bugs.webkit.org/show_bug.cgi?id=15455

           Summary: XML parser modifies the document when using
                    foo.innerHtml = "some string"
           Product: WebKit
           Version: 522+ (nightly)
          Platform: Other
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: XML
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: lars at trolltech.com


The XMLTokenizer.cpp has a constructor that takes a document fragment and
parses XML into this fragment (which is used at least for handling innerHtml,
maybe other places as well).

While parsing this fragment, the parser calls lots of methods on the document,
amongst others finishedParsing(), which can lead to memory corruption when
innerHtml is used from within the onload handler.

