[Webkit-unassigned] [Bug 204332] Nullptr crash in Node::setTextContent via Document::setTitle if title element is removed before setTextContent call.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Nov 18 17:30:55 PST 2019
https://bugs.webkit.org/show_bug.cgi?id=204332
--- Comment #5 from Ryosuke Niwa <rniwa at webkit.org> ---
WebKit's behavior of document.title's setter matches the current spec:
https://html.spec.whatwg.org/multipage/dom.html#document.title
which says:
> Let element be the result of creating an element given the document element's node document, title, and the HTML namespace.
>
> Append element to the head element.
Because the spec doesn't have mutation events they don't have to deal with the situation in which appending the element to the head element results in its removal :(
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191119/bfc0e89d/attachment-0001.htm>
More information about the webkit-unassigned
mailing list