- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 13 Aug 2009 23:34:24 +0000 (UTC)
- To: Geoffrey Sneddon <gsneddon@opera.com>
- Cc: HTMLWG WG <public-html@w3.org>
On Wed, 5 Aug 2009, Geoffrey Sneddon wrote: > Ian Hickson wrote: > > On Wed, 29 Jul 2009, Geoffrey Sneddon wrote: > > > Setting innerHTML on a select element to a start tag of one of "input", > > > "keygen", "textarea" causes an infinite loop. You have to act as if a > > > "select" end tag has been seen, before reprocessing the token, but then > > > you ignore the "select" end tag in fragment case, hence reprocessing the > > > token in the same state, leading you on your way to an infinite loop. It'd > > > be kinda nice to fix this. > > > > Fixed. Good catch. Thanks. > > You just broke it in the non-fragment case now! As far as I can tell, > there will never be a "input", "keygen", or "textarea" in scope, so the > fragment case if condition will always be true and the token will always > be ignored. I guess we want to ignore it if the stack of open elements > does not have a "select" element in table scope. Fixed. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 13 August 2009 23:35:05 UTC