[Webkit-unassigned] [Bug 24336] document.write() should be able to make a document into strict mode

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 17 16:12:22 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=24336





------- Comment #7 from eric at webkit.org  2009-03-17 16:12 PDT -------
OK, this is the code which is getting us in trouble:

void Document::write(const SegmentedString& text, Document* ownerDocument)
{
    if (!m_tokenizer) {  // WE TAKE THIS PATH IN THE
iframe.contentDocument.write()
        open(ownerDocument);
        ASSERT(m_tokenizer);
        if (!m_tokenizer)
            return;
        UChar documentPrefix[] = { '<', 'h', 't', 'm', 'l', '>' };
        m_tokenizer->write(SegmentedString(documentPrefix,
sizeof(documentPrefix) / sizeof(documentPrefix[0])), false);
    }

When the iframe.contentDocument.write() happens, the tokenizer has of course
already been destroyed.  So we create a new one, and prime it with <html> (not
sure why?)  This breaks our ability to document.write things like doctypes
which must go before the <html>.

Not sure what the elegant solution here would be.


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the webkit-unassigned mailing list