Bug 139561 - REGRESSION(r160182): Fragment parser doesn't close a form element with a close tag
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Ryosuke Niwa
Keywords: InRadar, Regression
Duplicates: 137337
Reported: 2014-12-11 14:39 PST by Ryosuke Niwa
Modified: 2014-12-14 02:58 PST


Attachments
Fixes the bug (6.36 KB, patch)
2014-12-11 15:05 PST, Ryosuke Niwa
Reverted the scheme changes (5.25 KB, patch)
2014-12-11 15:07 PST, Ryosuke Niwa

Description Ryosuke Niwa 2014-12-11 14:39:18 PST
http://trac.webkit.org/r160182 caused a regression in which a form element starts with <form> but doesn't get closed with </form>.
Comment 1 Ryosuke Niwa 2014-12-11 14:39:35 PST
rdar://problem/18525239
Comment 2 Ryosuke Niwa 2014-12-11 14:39:42 PST
<rdar://problem/18525239>
Comment 3 Ryosuke Niwa 2014-12-11 15:05:10 PST
Created attachment 243152 [details]
Fixes the bug
Comment 4 Ryosuke Niwa 2014-12-11 15:07:19 PST
Created attachment 243153 [details]
Reverted the scheme changes
Comment 5 Benjamin Poulain 2014-12-11 16:04:28 PST
*** Bug 137337 has been marked as a duplicate of this bug. ***
Comment 6 Darin Adler 2014-12-12 19:53:28 PST
Comment on attachment 243153 [details]
Reverted the scheme changes

View in context: https://bugs.webkit.org/attachment.cgi?id=243153&action=review

> Source/WebCore/html/parser/HTMLConstructionSite.cpp:462
> +    m_form = static_pointer_cast<HTMLFormElement>(element.release());
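
Review bot: static_pointer_cast on this added line performs no runtime type check, so m_form would point at a non-form object if element were ever anything other than an HTMLFormElement. The quoted context does not show a check on element before the cast; make sure one precedes it, or use a checked cast, so that an unexpected parser state fails loudly instead of producing a mistyped pointer.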

Can we use to<HTMLFormElement> instead?
Comment 7 Chris Dumez 2014-12-12 19:59:00 PST
Comment on attachment 243153 [details]
Reverted the scheme changes

View in context: https://bugs.webkit.org/attachment.cgi?id=243153&action=review

>> Source/WebCore/html/parser/HTMLConstructionSite.cpp:462
>> +    m_form = static_pointer_cast<HTMLFormElement>(element.release());
> 
> Can we use to<HTMLFormElement> instead?

We ended up calling it downcast<> :)

And if we use downcast, then we can get rid of the assertion above.
Comment 8 Darin Adler 2014-12-13 18:57:09 PST
Comment on attachment 243153 [details]
Reverted the scheme changes

View in context: https://bugs.webkit.org/attachment.cgi?id=243153&action=review

>>> Source/WebCore/html/parser/HTMLConstructionSite.cpp:462
>>> +    m_form = static_pointer_cast<HTMLFormElement>(element.release());
>> 
>> Can we use to<HTMLFormElement> instead?
> 
> We ended up calling it downcast<> :)
> 
> And if we use downcast, then we can get rid of the assertion above.

That’s funny, I can’t believe I forgot it was named downcast. Yes, we should use downcast here!
Comment 9 Ryosuke Niwa 2014-12-13 23:14:31 PST
(In reply to comment #8)
> Comment on attachment 243153 [details]
> Reverted the scheme changes
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=243153&action=review
> 
> >>> Source/WebCore/html/parser/HTMLConstructionSite.cpp:462
> >>> +    m_form = static_pointer_cast<HTMLFormElement>(element.release());
> >> 
> >> Can we use to<HTMLFormElement> instead?
> > 
> > We ended up calling it downcast<> :)
> > 
> > And if we use downcast, then we can get rid of the assertion above.
> 
> That’s funny, I can’t believe I forgot it was named downcast. Yes, we should
> use downcast here!

How do I use downcast here given element is a PassRefPtr?
Comment 10 Chris Dumez 2014-12-14 00:44:17 PST
Comment on attachment 243153 [details]
Reverted the scheme changes

View in context: https://bugs.webkit.org/attachment.cgi?id=243153&action=review

>>>>> Source/WebCore/html/parser/HTMLConstructionSite.cpp:462
>>>>> +    m_form = static_pointer_cast<HTMLFormElement>(element.release());
>>>> 
>>>> Can we use to<HTMLFormElement> instead?
>>> 
>>> We ended up calling it downcast<> :)
>>> 
>>> And if we use downcast, then we can get rid of the assertion above.
>> 
>> That’s funny, I can’t believe I forgot it was named downcast. Yes, we should use downcast here!
> 
> How do I use downcast here given element is a PassRefPtr?

downcast<>() doesn't yet know of smart pointers. So right now, you would have to do:
m_form = downcast<HTMLFormElement>(element.get());

Sadly this causes some ref-counting churn.
Comment 11 Chris Dumez 2014-12-14 00:54:13 PST
Comment on attachment 243153 [details]
Reverted the scheme changes

View in context: https://bugs.webkit.org/attachment.cgi?id=243153&action=review

>>>>>> Source/WebCore/html/parser/HTMLConstructionSite.cpp:462
>>>>>> +    m_form = static_pointer_cast<HTMLFormElement>(element.release());
>>>>> 
>>>>> Can we use to<HTMLFormElement> instead?
>>>> 
>>>> We ended up calling it downcast<> :)
>>>> 
>>>> And if we use downcast, then we can get rid of the assertion above.
>>> 
>>> That’s funny, I can’t believe I forgot it was named downcast. Yes, we should use downcast here!
>> 
>> How do I use downcast here given element is a PassRefPtr?
> 
> downcast<>() doesn't yet know of smart pointers. So right now, you would have to do:
> m_form = downcast<HTMLFormElement>(element.get());
> 
> Sadly this causes some ref-counting churn.

The equivalent to static_pointer_cast<>() using downcast<>() right now would be:
m_form = adoptRef(downcast<HTMLFormElement>(element.leakRef()));

However, this isn't terribly readable.
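
The trade-off between the two forms in comments 10 and 11, as an added example that is not part of the thread or of WebKit's code: a toy intrusive ref count shows that casting through a borrowed pointer costs one extra ref() while the leak-and-adopt form costs none, with the type check kept in both. `Node`, `FormElement`, `Ptr` and `checkedDowncast` are hypothetical stand-ins for the WebKit types, and returning nullptr on a type mismatch is an assumption of this example.

```cpp
#include <cstdio>
// Toy stand-ins (assumptions), not WTF/WebCore code. refCalls counts ref()
// calls so the ref-counting "churn" can be measured.
struct Node {
    static int refCalls;
    int refCount = 1;                 // the creator owns the first reference
    bool isForm;
    explicit Node(bool form) : isForm(form) {}
    virtual ~Node() = default;
    void ref() { ++refCount; ++refCalls; }
    void deref() { if (!--refCount) delete this; }
};
int Node::refCalls = 0;
struct FormElement : Node { FormElement() : Node(true) {} };

template <class T> class Ptr {        // minimal owning pointer (hypothetical)
    T* p = nullptr;
    struct Adopt {};
    Ptr(T* raw, Adopt) : p(raw) {}    // takes over an existing reference
public:
    Ptr(T* raw) : p(raw) { if (p) p->ref(); }   // takes a new reference
    Ptr(Ptr&& o) : p(o.p) { o.p = nullptr; }
    ~Ptr() { if (p) p->deref(); }
    static Ptr adopt(T* raw) { return Ptr(raw, Adopt{}); }
    T* get() const { return p; }
    T* leak() { T* r = p; p = nullptr; return r; }
};

// Checked cast: consults the dynamic type; this toy returns nullptr on mismatch.
FormElement* checkedDowncast(Node* n) {
    return (n && n->isForm) ? static_cast<FormElement*>(n) : nullptr;
}
int refCallsViaGet() {                // shape of the comment 10 form
    Node::refCalls = 0;
    Ptr<Node> element = Ptr<Node>::adopt(new FormElement);
    Ptr<FormElement> form(checkedDowncast(element.get()));   // ref() happens here
    return Node::refCalls;            // the matching deref() runs at scope exit
}
int refCallsViaLeakAdopt() {          // shape of the comment 11 form
    Node::refCalls = 0;
    Ptr<Node> element = Ptr<Node>::adopt(new FormElement);
    Ptr<FormElement> form = Ptr<FormElement>::adopt(checkedDowncast(element.leak()));
    return Node::refCalls;            // the one reference was handed over as-is
}
bool rejectsNonForm() {               // the check an unchecked static cast lacks
    Ptr<Node> element = Ptr<Node>::adopt(new Node(false));
    return checkedDowncast(element.get()) == nullptr;
}
int main() { std::printf("%d %d %d\n", refCallsViaGet(), refCallsViaLeakAdopt(), rejectsNonForm()); }
```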
Comment 12 Ryosuke Niwa 2014-12-14 02:24:35 PST
Comment on attachment 243153 [details]
Reverted the scheme changes

I'm gonna commit this as is. We can't fix static_pointer_cast later when we support downcast for PassRefPtr.
Comment 13 WebKit Commit Bot 2014-12-14 02:58:15 PST
Comment on attachment 243153 [details]
Reverted the scheme changes

Clearing flags on attachment: 243153

Committed r177263: <http://trac.webkit.org/changeset/177263>
Comment 14 WebKit Commit Bot 2014-12-14 02:58:21 PST
All reviewed patches have been landed.  Closing bug.