Bug 149073

Summary: ChildNode.replaceWith() without argument should replace the node with an empty DocumentFragment
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: DOMAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, commit-queue, esprehn+autocc, kangil.han, rniwa, webkit-bug-importer
Priority: P2 Keywords: InRadar, WebExposed
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Description Chris Dumez 2015-09-11 14:22:11 PDT 
ChildNode.replaceWith() without argument should replace the node with an empty DocumentFragment, as per the specification:
https://dom.spec.whatwg.org/#dom-childnode-replacewith
https://dom.spec.whatwg.org/#converting-nodes-into-a-node

Currently, WebKit does not do anything in this case (no-op).
Comment 1 Chris Dumez 2015-09-11 14:22:25 PDT 
rdar://problem/22547801
Comment 2 Chris Dumez 2015-09-11 14:30:25 PDT 
Created attachment 261016 [details]
Patch
Comment 3 Ryosuke Niwa 2015-09-11 14:52:25 PDT 
Comment on attachment 261016 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=261016&action=review

> Source/WebCore/ChangeLog:17
> +        No new tests, already covered by existing test.

Does this match behaviors of other browsers?
Comment 4 Chris Dumez 2015-09-11 14:58:56 PDT 
(In reply to comment #3)
> Comment on attachment 261016 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=261016&action=review
> 
> > Source/WebCore/ChangeLog:17
> > +        No new tests, already covered by existing test.
> 
> Does this match behaviors of other browsers?

Other browsers don't seem to implement replaceChild() yet. This is fairly recent I believe.
Comment 5 Chris Dumez 2015-09-11 14:59:36 PDT 
(In reply to comment #4)
> (In reply to comment #3)
> > Comment on attachment 261016 [details]
> > Patch
> > 
> > View in context:
> > https://bugs.webkit.org/attachment.cgi?id=261016&action=review
> > 
> > > Source/WebCore/ChangeLog:17
> > > +        No new tests, already covered by existing test.
> > 
> > Does this match behaviors of other browsers?
> 
> Other browsers don't seem to implement replaceChild() yet. This is fairly
> recent I believe.

replaceWith
Comment 6 WebKit Commit Bot 2015-09-12 10:34:05 PDT 
Comment on attachment 261016 [details]
Patch

Clearing flags on attachment: 261016

Committed r189653: <http://trac.webkit.org/changeset/189653>
Comment 7 WebKit Commit Bot 2015-09-12 10:34:10 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 8 Darin Adler 2015-09-16 10:32:20 PDT 
Comment on attachment 261016 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=261016&action=review

> Source/WebCore/dom/Node.cpp:564
> +    if (ec)
>          return;

Not new, but this code is wrong. It’s not the caller’s responsibility to set ec to zero. The caller might not set it at all if it doesn’t plan to look at it.

That means that ec might be non-zero when this function is called, and convertNodesOrStringsIntoNode might not touch it, so checking it is not right. Someone has to set ec to 0 if they are going to be checking it after the fact. So either Node::replaceWith or convertNodesOrStringsIntoNode needs to set ec to zero. This error seems to be repeated in multiple functions in this file.