Bug 28864

Summary: Setting document.title reuses <title>'s textnode child
Product: WebKit Reporter: Boris Zbarsky <bzbarsky>
Component: DOMAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, achristensen, ap, cdumez, commit-queue, darin, dglazkov, mrowe, rniwa, syoichi, tonikitoo, webkit-bug-importer, webkit.review.bot
Priority: P2 Keywords: HasReduction, InRadar
Version: 528+ (Nightly build)   
Hardware: Mac (Intel)   
OS: OS X 10.5   
Attachments:
Description Flags
Testcase
none
Patch
tkent: review-, webkit.review.bot: commit-queue-
Archive of layout-test-results from ec2-cr-linux-02
none
WIP Patch
none
WIP Patch
none
Patch
none
Patch none

Boris Zbarsky
Reported 2009-08-31 19:53:04 PDT
STEPS TO REPRODUCE: 1) Load attached testcase 2) See which alert comes up EXPECTED RESULTS: "textnode is not being reused" ACTUAL RESULTS: "Reusing textnode on title set" The relevant spec draft text is at http://www.whatwg.org/specs/web-apps/current-work/multipage/dom.html#document.title step 4 of the "On setting" algorithm. Opera and Gecko both follow the HTML5 draft here.
Attachments
Testcase (450 bytes, text/html)
2009-09-01 04:50 PDT, Boris Zbarsky 		no flags
Details
Patch (1.44 KB, patch)
2012-04-15 07:45 PDT, Adrien Loison 		tkent: review-
webkit.review.bot: commit-queue-
DetailsFormatted DiffDiff
Archive of layout-test-results from ec2-cr-linux-02 (6.59 MB, application/zip)
2012-04-15 08:15 PDT, WebKit Review Bot 		no flags
Details
WIP Patch (7.04 KB, patch)
2016-07-10 18:21 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
WIP Patch (8.20 KB, patch)
2016-07-10 18:53 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (14.38 KB, patch)
2016-07-10 19:23 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (16.55 KB, patch)
2016-07-10 21:36 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (5) View All Add attachment proposed patch, testcase, etc.
Mark Rowe (bdash)
Comment 1 2009-08-31 21:43:24 PDT
There's no test case attached. Boris, can you please attach the test case you refer to in your description of the bug?
Boris Zbarsky
Comment 2 2009-09-01 04:50:54 PDT
Created attachment 38858 [details] Testcase Ah, sorry. Not sure how I failed to attach that.
Mark Rowe (bdash)
Comment 3 2009-09-01 04:54:02 PDT
<rdar://problem/7186473>
Adam Barth
Comment 4 2010-09-21 04:11:45 PDT
You're blowing my mind Boris. Will fix.
Adrien Loison
Comment 5 2012-04-15 07:45:35 PDT
Created attachment 137235 [details] Patch
WebKit Review Bot
Comment 6 2012-04-15 08:15:40 PDT
Comment on attachment 137235 [details] Patch Attachment 137235 [details] did not pass chromium-ews (chromium-xvfb): Output: http://queues.webkit.org/results/12406665 New failing tests: fast/dom/document-set-title-mutation-crash.html
WebKit Review Bot
Comment 7 2012-04-15 08:15:46 PDT
Created attachment 137236 [details] Archive of layout-test-results from ec2-cr-linux-02 The attached test failures were seen while running run-webkit-tests on the chromium-ews. Bot: ec2-cr-linux-02 Port: <class 'webkitpy.common.config.ports.ChromiumXVFBPort'> Platform: Linux-2.6.35-28-virtual-x86_64-with-Ubuntu-10.10-maverick
Kent Tamura
Comment 8 2012-04-19 18:04:56 PDT
Comment on attachment 137235 [details] Patch r- because of the EWS failure
Chris Dumez
Comment 9 2016-07-10 10:01:06 PDT
Looks like this still applies according to the latest specification: - https://html.spec.whatwg.org/multipage/dom.html#document.title - https://dom.spec.whatwg.org/#dom-node-textcontent This is caused by the following "optimization" in HTMLTitleElement::setText(): if (!value.isEmpty() && hasOneChild() && is<Text>(*firstChild())) { downcast<Text>(*firstChild()).setData(value); return; }
Chris Dumez
Comment 10 2016-07-10 10:07:59 PDT
Chrome and Firefox seem to agree with the specification.
Chris Dumez
Comment 11 2016-07-10 18:21:37 PDT
Created attachment 283292 [details] WIP Patch
Chris Dumez
Comment 12 2016-07-10 18:53:23 PDT
Created attachment 283293 [details] WIP Patch
Chris Dumez
Comment 13 2016-07-10 19:23:42 PDT
Created attachment 283295 [details] Patch
Benjamin Poulain
Comment 14 2016-07-10 21:20:24 PDT
Comment on attachment 283295 [details] Patch Please also include a test for the SVG title element. We always find fishy bugs with SVG. Bonus point for a test that raise the exception on setTitle() (I guess messing up with the tree in response to mutation events).
Chris Dumez
Comment 15 2016-07-10 21:36:49 PDT
Created attachment 283298 [details] Patch
Chris Dumez
Comment 16 2016-07-10 21:39:00 PDT
(In reply to comment #14) > Comment on attachment 283295 [details] > Patch > > Please also include a test for the SVG title element. We always find fishy > bugs with SVG. > Bonus point for a test that raise the exception on setTitle() (I guess > messing up with the tree in response to mutation events). I added a test for svn title before landing. I agree we should cover the exception case, I'll look into it tomorrow and we can land the test in a follow-up.
WebKit Commit Bot
Comment 17 2016-07-10 22:07:08 PDT
Comment on attachment 283298 [details] Patch Clearing flags on attachment: 283298 Committed r203047: <http://trac.webkit.org/changeset/203047>
WebKit Commit Bot
Comment 18 2016-07-10 22:07:14 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.