On Wed, 5 Aug 2009, Geoffrey Sneddon wrote: > Ian Hickson wrote: > > On Wed, 29 Jul 2009, Geoffrey Sneddon wrote: > > > Setting innerHTML on a select element to a start tag of one of "input", > > > "keygen", "textarea" causes an infinite loop. You have to act as if a > > > "select" end tag has been seen, before reprocessing the token, but then > > > you ignore the "select" end tag in fragment case, hence reprocessing the > > > token in the same state, leading you on your way to an infinite loop. It'd > > > be kinda nice to fix this. > > > > Fixed. Good catch. Thanks. > > You just broke it in the non-fragment case now! As far as I can tell, > there will never be a "input", "keygen", or "textarea" in scope, so the > fragment case if condition will always be true and the token will always > be ignored. I guess we want to ignore it if the stack of open elements > does not have a "select" element in table scope. Fixed. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'Received on Thursday, 13 August 2009 23:35:05 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:43 GMT