template element parses html incorrectly
Reported by
sin...@forlagetpropell.no,
Oct 29 2016
|
|||||
Issue description
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50
Steps to reproduce the problem:
1. Run attached file, or do the following:
var html = '<div><form></form><ul><li></li></ul></div>';
var tpl = document.createElement('template');
tpl.innerHTML = html;
the tpl has now magically wrapped the ul inside the form.
What is the expected behavior?
That the inner html of the tpl should equal the (valid) innerHTML it was given.
What went wrong?
It parses the html incorrectly.
Did this work before? N/A
Does this work in other browsers? Yes
Chrome version: 54.0.2840.71 (Official Build) (64-bit) Channel: stable
OS Version: OS X 10.12
Flash Version:
,
Oct 30 2016
Firefox parses it just fine. Chrome 54 does not. Any other element name yields the right result, only <template> is different. Note that dynamic setting of innerHTML is problematic. The static case looks fine - data:text/html,<!doctype html><template><div><form></form><ul><li></li></ul></div></template>
,
Oct 30 2016
I've reported a somewhat similar bug last month. Could be related, at least it shows that there are more funky things going on in the HTML parser. https://bugs.chromium.org/p/chromium/issues/detail?id=649929
,
Nov 1 2016
,
Nov 1 2016
Fix at https://codereview.chromium.org/2462143003/
,
Nov 2 2016
was going to file the exact same bug today. noticed it over a week ago when one of my projects didn't render correctly, but only started debugged it today (working on a current project where this bug is blocking development). looking at the patch, the test case can be made even more generalized. e.g. + 5 let snippet = '<form></form><div></div>'; - 5 let snippet = '<a><form></form><div></div></a>';
,
Nov 8 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c69c00516d0b3092098439e7d2940005468dbf3b commit c69c00516d0b3092098439e7d2940005468dbf3b Author: kouhei <kouhei@chromium.org> Date: Tue Nov 08 11:02:49 2016 [Spec compat] form element pointer should be set iff no template element on the stack of open elements Before this CL, the form element pointer was set iff *template element was the owner element of the current node*, which is wrong. After this CL, the form element pointer is set iff *template element is on the stack of open elements*, which follows the spec: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inbody "Insert an HTML element for the token, and, if there is no template element on the stack of open elements, set the form element pointer to point to the element created." BUG= 660671 Review-Url: https://codereview.chromium.org/2462143003 Cr-Commit-Position: refs/heads/master@{#430573} [add] https://crrev.com/c69c00516d0b3092098439e7d2940005468dbf3b/third_party/WebKit/LayoutTests/fast/parser/form-in-template.html [modify] https://crrev.com/c69c00516d0b3092098439e7d2940005468dbf3b/third_party/WebKit/Source/core/html/parser/HTMLConstructionSite.cpp
,
Nov 10 2016
,
Nov 15 2016
i verified canary renders forms inside templates correctly now. have a noob question. i see the next stable release for v55 is on Dec 6th, 2016 (https://www.chromium.org/developers/calendar). any chance this fix will land in that release? : )
,
Nov 15 2016
This is a good document to follow for such questions - https://www.chromium.org/blink/when-will-a-fix-ship-in-chrome-stable-or-canary
,
Jan 24 2017
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by sin...@forlagetpropell.no
, Oct 29 2016