[Webkit-unassigned] [Bug 25567] Crash when writing into a detached TITLE element
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Mar 30 11:28:24 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=25567
Alexey Proskuryakov <ap at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #52002|review? |review-
Flag| |
--- Comment #16 from Alexey Proskuryakov <ap at webkit.org> 2010-03-30 11:28:24 PST ---
(From update of attachment 52002)
Marking r- to get this out of review queue. Depending on investigation results,
we may or may not end up making this exact change, but the test needs some
rewording.
+ // Newly created nodes can be removed immediately inside
+ // Node::childrenChanged() inside Node::addChild() due to DOM
+ // normalization process like concatinating <title> text contents.
+ // We should skip processing such nodes because their contents already
merged into the tree.
Typo: should be "concatenation". I wonder if there are any other cases where
this could happen, besides setting document.title. Ideally, we'd need as many
test cases for different scenarios as possible.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list