[Webkit-unassigned] [Bug 25567] Crash when writing into a detached TITLE element
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Mar 29 22:13:46 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=25567
MORITA Hajime <morrita at google.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |morrita at google.com
--- Comment #10 from MORITA Hajime <morrita at google.com> 2010-03-29 22:13:46 PST ---
In HTMLParser::insertNode(), A new child of the <title> node can be removed
inside ContatinerNode::addChild() for its own(!)
because HTMLTitleElement::childrenChanged() try to concatenate its children.
Another alternative for this fix would be handling orphan children on
ContainerNode::addChild().
But doing so, It would be hard for HTMLParser to know what type of error
happened,
and implementing correct HTMLParser::reportError() wouldn't be trivial.
This is even not an error because the contents of the new node get inside the
tree (as a flatten form).
So handling the case inside HTMLParser looks better.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list