[Webkit-unassigned] [Bug 25567] Crash when writing into a detached TITLE element
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Mar 31 02:01:16 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=25567
--- Comment #17 from MORITA Hajime <morrita at google.com> 2010-03-31 02:01:16 PST ---
ap, thank you for you suggestion.
> I think that we should care somewhat. It makes sense to at least investigate
> what HTML5 says about this - it's important to have HTML5 say sensible things
> about parsing, because otherwise, we wouldn't be able to make our parser more
> standard compliant in the future.
Agreed. I read it again and found that:
- text that is passed to document.write() should be flushed - or in spec term,
"processed" until the tokenizer reaches an insertion point.
So the last patch is wrong.
http://www.whatwg.org/specs/web-apps/current-work/multipage/apis-in-html-documents.html#document.write()
I'll look around the code further.
>Ideally, we'd need as many
>test cases for different scenarios as possible.
Yes. we might have same problem with innerHTML, textarea, etc...
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list