WebKit Bugzilla
Bug 15455
RESOLVED DUPLICATE of bug 15456
XML parser modifies the document when using foo.innerHtml = "some string"
https://bugs.webkit.org/show_bug.cgi?id=15455
Lars Knoll
Reported
2007-10-10 14:07:41 PDT
The XMLTokenizer.cpp has a constructor that takes a document fragment and parses XML into this fragment (which is used at least for handling innerHtml, maybe other places as well). While parsing this fragment, the parser calls lots of methods on the document, amongst others finishedParsing(), which can lead to memory corruption when innerHtml is used from within the onload handler.
Alexey Proskuryakov
Comment 1
2007-10-11 00:54:07 PDT
*** This bug has been marked as a duplicate of 15456 ***