Bug 32393

Summary: Comments and PIs in the internal subset appear as siblings of the doctype
Product: WebKit Reporter: Simon Pieters (:zcorpan) <zcorpan>
Component: XML Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal CC: ahmad.saleem792, ap, bfulgham, cdumez, mike, rniwa, webkit-bug-importer
Priority: P3 Keywords: InRadar, WPTImpact
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   

Description Simon Pieters (:zcorpan) 2009-12-10 13:34:42 PST
Comments and PIs that appear in the internal subset are inserted into the DOM as children of the document, after the doctype node. This is bogus. In the Infoset, they'd be children of the doctype. In the DOM, they'd be dropped on the floor, basically.

This makes a difference for xml-stylesheet PIs.

Opera and Mozilla don't insert comments and PIs in the internal subset as children of the document.

http://canvex.lazyilluminati.com/misc/dom-viewer/x.html?<!DOCTYPE%20x[<!--comment--><%3Fpi%3F>]><x/>

Comment 1 Alexey Proskuryakov 2009-12-10 19:50:14 PST
What is the use case for putting xml-stylesheet PI into the internal subset?

Comment 2 Simon Pieters (:zcorpan) 2009-12-11 01:57:46 PST
No use case; that's why WebKit shouldn't allow it.

Comment 3 Lucas Forschler 2019-02-06 09:03:24 PST
Mass moving XML DOM bugs to the "DOM" Component.

Comment 4 Simon Pieters (:zcorpan) 2019-02-07 04:18:44 PST
New URL to reproduce:

http://software.hixie.ch/utilities/js/live-dom-viewer/saved/6580

says [object ProcessingInstruction] should say [object DocumentType].

<!DOCTYPE html>
...<iframe src="data:text/xml,<!DOCTYPE html [<?x?>]><html xmlns='http://www.w3.org/1999/xhtml'><script>alert(document.documentElement.previousSibling)</script></html>"> 

or:

http://software.hixie.ch/utilities/js/live-dom-viewer/saved/6581

The xml-stylesheet should not apply but is applied.

<!DOCTYPE html>
...<iframe src="data:text/xml,<!DOCTYPE html [<?xml-stylesheet href='data:text/css,*{background:red}'?>]><html xmlns='http://www.w3.org/1999/xhtml'>There should be no red.</html>">

Comment 5 Ahmad Saleem 2022-08-10 04:19:39 PDT
I am able to reproduce this based on Test cases from Comment 04:

Test Case 1 - http://software.hixie.ch/utilities/js/live-dom-viewer/?saved=6580

*** Safari 15.6 on macOS 12.5 ***

[object ProcessingInstruction]

& DOM View:

DOCTYPE: html

*** Chrome Canary 106 ***

[object ProcessingInstruction]

& DOM View:

    DOCTYPE: html
    HTML
        HEAD
        BODY
            #text: ...
            IFRAME src="data:text/xml,<!DOCTYPE html [<?x?>]><html xmlns='http://www.w3.org/1999/xhtml'><script>alert(document.documentElement.previousSibling)</script></html>"

*** Firefox Nightly 106 ***

[object DocumentType]

& DOM View:

    DOCTYPE: html
    HTML
        HEAD
        BODY
            #text: ...
            IFRAME src="data:text/xml,<!DOCTYPE html [<?x?>]><html xmlns='http://www.w3.org/1999/xhtml'><script>alert(document.documentElement.previousSibling)</script></html>"

___________

Test Case 2 - http://software.hixie.ch/utilities/js/live-dom-viewer/?saved=6581

*** Safari 15.6 on macOS 12.5 ***

Show Red background in iframe

*** Chrome Canary 106 ***

Show Red background in iframe

*** Firefox Nightly 106 ***

Does not show "Red" background in iframe

_________

Just wanted to share updated test results. Thanks!

Comment 6 Radar WebKit Bug Importer 2022-08-10 10:52:07 PDT
<rdar://problem/98459822>

Comment 7 Simon Pieters (:zcorpan) 2023-01-26 12:57:37 PST
Tests: https://github.com/web-platform-tests/wpt/pull/38136
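
Added example (not part of the bug thread, and not WebKit or WPT code): because engines disagree on whether a PI in the internal subset reaches the DOM, a content filter that wants to catch an `xml-stylesheet` PI there has to look at the source text rather than at a parsed tree. The sketch below scans the doctype declaration and lists the comments and PIs inside `[...]`, skipping quoted literals; the function names are hypothetical and it does not check well-formedness.

```javascript
// If a comment or PI starts at index i, return its kind, body and end index; else null.
function markupAt(src, i) {
  for (const [kind, open, close] of [['comment', '<!--', '-->'], ['pi', '<?', '?>']]) {
    if (!src.startsWith(open, i)) continue;
    const at = src.indexOf(close, i + open.length);
    const stop = at === -1 ? src.length : at;          // unterminated: run to end of input
    return { kind, body: src.slice(i + open.length, stop), end: stop + close.length };
  }
  return null;
}

// Comments and PIs located between '[' and ']' of the doctype declaration.
function internalSubsetNodes(src) {
  let i = 0;
  // Prolog before the doctype: whitespace, XML declaration, PIs, comments.
  while (!src.startsWith('<!DOCTYPE', i)) {
    const m = markupAt(src, i);
    if (m) i = m.end;
    else if (/\s/.test(src.charAt(i))) i++;
    else return [];                      // root element or end of input: no doctype
  }
  const found = [];
  let inSubset = false;
  for (i += '<!DOCTYPE'.length; i < src.length;) {
    const c = src[i];
    if (c === '"' || c === "'") {        // quoted literal may itself contain [ ] < >
      const q = src.indexOf(c, i + 1);
      i = q === -1 ? src.length : q + 1;
    } else if (!inSubset) {
      if (c === '>') break;              // doctype has no internal subset
      inSubset = c === '[';
      i++;
    } else if (c === ']') {
      break;                             // end of the internal subset
    } else {
      const m = markupAt(src, i);
      if (m) { found.push({ kind: m.kind, body: m.body }); i = m.end; } else i++;
    }
  }
  return found;
}

// xml-stylesheet PIs in the internal subset: applied only by an engine with this bug.
function internalSubsetStylesheets(src) {
  return internalSubsetNodes(src).filter(n => n.kind === 'pi' && /^xml-stylesheet(\s|$)/.test(n.body));
}

// Doctype from the thread's second test case; root element shortened (constructed).
const sample = "<!DOCTYPE html [<?xml-stylesheet href='data:text/css,*{background:red}'?>]><html/>";
console.log(internalSubsetStylesheets(sample));
```

A PI that follows the doctype in the prolog is a legitimate child of the document and is deliberately not reported.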