[Bug 10217] New: EOF after foreign content can cause crash from bugzilla@jessica.w3.org on 2010-07-21 (public-html-bugzilla@w3.org from July 2010)

From: <bugzilla@jessica.w3.org>
Date: Wed, 21 Jul 2010 09:31:37 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-10217-2486@http.www.w3.org/Bugs/Public/>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=10217

           Summary: EOF after foreign content can cause crash
           Product: HTML WG
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P1
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: jgraham@opera.com
         QAContact: public-html-bugzilla@w3.org
                CC: mike@w3.org, public-html@w3.org


Consider the document <svg></svg>

Unless I am misreading the spec, the </svg> tag is processed in the "An end
tag, if the current node is not an element in the HTML namespace". This step
causes the <svg> node to be popped from the open elements and then the
processing to abort without changing the insertion mode.

The subsequent EOF is then handled in the foreign content mode and so does the
"Pop elements from the stack of open elements until either a math element or an
svg element has been popped from the stack". However there is no such element
on the stack of open elements.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Wednesday, 21 July 2010 09:31:39 UTC