Crash when appending V1 Custom Element to a non-main document |
||
Issue description
Version: 54.0.2810.2 canary (64-bit)
OS: OSX 10.11.5 (15F34)
What steps will reproduce the problem?
Run following snippit in browser:
customElements.define('x-foo', class extends HTMLElement {
constructor() {
super();
console.log('created', this.localName);
}
connectedCallback() {
console.log('connected', this.localName);
this.attachShadow({mode:'open'}).
appendChild(document.createElement('div'));
this.shadowRoot.firstChild.innerHTML = 'Hi in shadow';
}
});
var foo = document.createElement('x-foo');
var doc = document.implementation.createHTMLDocument();
doc.body.appendChild(foo); // << Crashes
console.assert(Boolean(doc.body.firstChild.shadowRoot));
What is the expected output?
No crash, assert passes
What do you see instead?
Tab crashes
,
Jul 29 2016
Crash ID d389ef11-e8d5-47f7-98c1-9535c71ce858 (Server ID: 8f7420be00000000
,
Jul 29 2016
Yep, this is dereferencing a null CustomElementDefinition. Thanks for filing this.
,
Aug 1 2016
Issue 632571 has been merged into this issue.
,
Aug 15 2016
,
Aug 15 2016
This should be fixed by davaajav in r409759. |
||
►
Sign in to add a comment |
||
Comment 1 by dominicc@chromium.org
, Jul 28 2016Owner: davaajav@google.com
Status: Started (was: Untriaged)