I found that the following JavaScript causes an Access Violation. This appears to be a NULL pointer:
<BODY onload="go()"><SCRIPT>
function go() {
    document.body.parentElement.removeChild(document.body);
    o = document.createElement("textArea");
    o.innerHTML='<b><menu><link></b><head></head>x';
}
</SCRIPT></BODY>
Tested with Safari 3.1.1. Marked as security, I'm not sure if you treat DoS as a security issue, so erring on the safe side.
Changing priority and security flag
<rdar://problem/6007112>
Hi, I am trying to analyse this bug. But when I open the Safari window in debug mode, I am not able to reproduce this scenario. Is there a solution to reproduce this scenario in debug mode as well?
I cannot reproduce this with nightlies either (but I can reproduce with Safari 3.2.3).
Created attachment 30503: proposed patch
So, let's just add a test.
Test committed r43966.