| Summary: | DOMHTMLCollection::item may return a wrong element after namedItem is called | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Ryosuke Niwa <rniwa> | ||||||
| Component: | New Bugs | Assignee: | Ryosuke Niwa <rniwa> | ||||||
| Status: | RESOLVED FIXED | ||||||||
| Severity: | Normal | CC: | andersca, darin, kling | ||||||
| Priority: | P2 | ||||||||
| Version: | 528+ (Nightly build) | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Bug Depends on: | |||||||||
| Bug Blocks: | 90118 | ||||||||
| Attachments: |
|
||||||||
|
Description
Ryosuke Niwa
2012-06-28 20:19:49 PDT
Created attachment 150071 [details]
Fixes the bug
Comment on attachment 150071 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=150071&action=review > Source/WebCore/html/HTMLCollection.cpp:285 > m_cache.current = 0; I guess I should have removed this line as well (it'll degrade the performance to some extent and needs to be removed in the bug 90118 but doesn't introduce any incorrect behavior). Comment on attachment 150071 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=150071&action=review > Source/WebCore/html/HTMLCollection.cpp:275 > + unsigned i = 0; > for (Element* e = itemAfter(0); e; e = itemAfter(e)) { > if (checkForNameMatch(e, /* checkName */ false, name)) { > m_cache.current = e; > + m_cache.position = i; > return e; > } > } > > + i = 0; You are not incrementing i. Created attachment 150089 [details]
Fixed the bug
Comment on attachment 150089 [details]
Fixed the bug
r=me. nice API test!
Committed r121521: <http://trac.webkit.org/changeset/121521> Nice! |