Created attachment 174378 [details]
Patch

Comment on attachment 174378 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=174378&action=review

> Source/WebCore/ChangeLog:11
> +        isHTMLInputElement only checked if the tag name was input which is bad
> +        since other things inherit from HTMLInputElement. Instead callers should
> +        use Node::toInputElement() which is virtual and will handle subclasses
> +        properly.

Why is that dangerous? If an element has the name HTMLNames::inputTag, then it can't certainly be some other element, right?
I agree that you can't assume that an element's name is HTMLNames::inputTag just because it's an instance of a HTMLInputElement but that's a separate issue.

(In reply to comment #2)
> (From update of attachment 174378 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=174378&action=review
> 
> > Source/WebCore/ChangeLog:11
> > +        isHTMLInputElement only checked if the tag name was input which is bad
> > +        since other things inherit from HTMLInputElement. Instead callers should
> > +        use Node::toInputElement() which is virtual and will handle subclasses
> > +        properly.
> 
> Why is that dangerous? If an element has the name HTMLNames::inputTag, then it can't certainly be some other element, right?
> I agree that you can't assume that an element's name is HTMLNames::inputTag just because it's an instance of a HTMLInputElement but that's a separate issue.

Dangerous is probably the wrong word. Why would I ever want to call this method instead of just using toInputElement() though?

Created attachment 174466 [details]
Patch

Comment on attachment 174466 [details]
Patch

Clearing flags on attachment: 174466

Committed r134790: <http://trac.webkit.org/changeset/134790>

All reviewed patches have been landed.  Closing bug.