Created attachment 174378 [details] Patch

Comment on attachment 174378 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=174378&action=review > Source/WebCore/ChangeLog:11 > + isHTMLInputElement only checked if the tag name was input which is bad > + since other things inherit from HTMLInputElement. Instead callers should > + use Node::toInputElement() which is virtual and will handle subclasses > + properly. Why is that dangerous? If an element has the name HTMLNames::inputTag, then it can't certainly be some other element, right? I agree that you can't assume that an element's name is HTMLNames::inputTag just because it's an instance of a HTMLInputElement but that's a separate issue.

(In reply to comment #2) > (From update of attachment 174378 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=174378&action=review > > > Source/WebCore/ChangeLog:11 > > + isHTMLInputElement only checked if the tag name was input which is bad > > + since other things inherit from HTMLInputElement. Instead callers should > > + use Node::toInputElement() which is virtual and will handle subclasses > > + properly. > > Why is that dangerous? If an element has the name HTMLNames::inputTag, then it can't certainly be some other element, right? > I agree that you can't assume that an element's name is HTMLNames::inputTag just because it's an instance of a HTMLInputElement but that's a separate issue. Dangerous is probably the wrong word. Why would I ever want to call this method instead of just using toInputElement() though?

Created attachment 174466 [details] Patch

Comment on attachment 174466 [details] Patch Clearing flags on attachment: 174466 Committed r134790: <http://trac.webkit.org/changeset/134790>

All reviewed patches have been landed. Closing bug.