44381 – ASSERTION FAILED: m_type == Uninitialized || m_type == Character

RESOLVED DUPLICATE of bug 44209 44381

ASSERTION FAILED: m_type == Uninitialized || m_type == Character

https://bugs.webkit.org/show_bug.cgi?id=44381

Summary ASSERTION FAILED: m_type == Uninitialized || m_type == Character

Tony Gentilcore

Reported 2010-08-21 09:20:37 PDT

Created attachment 65027 [details] Testcase This DOM triggers an ASSERT: FAIL<iframe onload="document.write('PASS')"> ASSERTION FAILED: m_type == Uninitialized || m_type == Character (/work/WebKit/WebCore/html/HTMLToken.h:117 void WebCore::HTMLToken::ensureIsCharacterToken()) I suspect this is closely related to the fix from bug 43055. Adding a document.open() before the document.write() avoids the ASSERT. I haven't debugged, but it looks like Document::open() bails out if parser->isExecutingScript(). I'll be on vacation next week, so I probably won't be able to get to this in a timely manner.

Attachments
Testcase (45 bytes, text/html) 2010-08-21 09:20 PDT, Tony Gentilcore	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Eric Seidel (no email)

Comment 1 2010-08-21 09:49:07 PDT

*** This bug has been marked as a duplicate of bug 44209 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 44209

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component WebCore Misc.

Assignee

Nobody

Reported

2010-08-21 09:20 PDT

Modified

2010-08-21 09:49 PDT History

CC List

2 users Show

URL

Keywords

Depends on

Blocks