[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kfm-devel
Subject:    Re: Aljazeera.net crashing konqueror
From:       Dirk Mueller <mueller () kde ! org>
Date:       2003-04-14 4:26:58
[Download RAW message or body]

On Die, 08 Apr 2003, Luis Pedro Coelho wrote:

> In recent HEAD: goto http://english.aljazeera.net/ and get an immediate crash 
> (attached backtrace).

This is a tricky one. 

<html>
  <body>
<script>
tdId = document.all.item(0);
tdId.innerHTML ="39GMT";
</script>
</html>


innerHTML on the "document" node deletes all the children, including the 
body, which is the current node of the surrounding htmlparser of the 
document. 

The standard fix would be introducing reference counting for the current 
node, but this is impossible, because the document fragment parser will 
then dereference the fragment before it is refcounted in a smart container. 

(html_elementimpl.cpp around line 460)

Okay, it is possible to make createContextualFragment to return a smart 
container, but this is quite unelegant. As this code was introduced by the 
Safari team, maybe they have a simpler fix for this problem already?


-- 
Dirk
[prev in list] [next in list] [prev in thread] [next in thread]