When I said "If it's the spec", I meant "If the spec is incorrect".

Separately, there's also a discrepancy in the ResetInsertionModeAppropriately implementation, regarding the "last" variable.

The spec, 12.2.4.1 The insertion mode, says that handling <td> or <th> is conditional on the "last" variable:
https://html.spec.whatwg.org/multipage/parsing.html#the-insertion-mode

The implementation has no such conditionality:
https://github.com/chromium/chromium/blob/fc665c309169a09fe5e1aee961a3c2fb4fb15563/third_party/WebKit/Source/core/html/parser/HTMLTreeBuilder.cpp#L1551

Similarly, the spec and implementation differ on whether handling <head> depends on the state of "last". The C++ code for handling <head> also conditionally modifies the fragment_context_, which doesn't appear to have analogous words in the spec.

Confirmed that Firefox and Safari didn't recognize <template> in <frameset>.
The following HTML should not show "[object HTMLTemplateElement]".

<!DOCTYPE html>
<script>
window.onload = function() {
  alert(document.body.firstChild);
};
</script>
<frameset><template>
<div>abc</div>
</template></frameset>


Please file another bug for Comment 2.

Comment 2 spun out as issue #849934.

We already have a test.
https://wpt.fyi/results/html/syntax/parsing/template/additions-to-the-in-frameset-insertion-mode/end-tag-frameset.html

Hi all, I'd like to work on this issue

#6, Great!  Please go ahead.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a464a0af1611a1c9d25253afc62238142eeb1a45

commit a464a0af1611a1c9d25253afc62238142eeb1a45
Author: Sunny <ratsunny@gmail.com>
Date: Fri Jun 22 01:33:54 2018

Remove non-standard template tag process code from html parser

According to HTML document parsing spec[1], there is no special
procedure for <template> tag when in "in frameset" insertion mode.
Besides, in "in template" insertion mode, the parser should not process
<frameset> tag by changing insertion mode to "in frameset" mode.

Around 18 failed tests should be passed after this change.

For standalone html5lib tests in LayoutTests/html5lib, template.dat
is updated to match the correct behavior.

[1] https://html.spec.whatwg.org/multipage/parsing.html

BUG= 829668 

Change-Id: Id25e6ab9ce47042a8e86a30aa2827f529f24f463
Reviewed-on: https://chromium-review.googlesource.com/1108191
Reviewed-by: Kent Tamura <tkent@chromium.org>
Commit-Queue: Kent Tamura <tkent@chromium.org>
Cr-Commit-Position: refs/heads/master@{#569497}
[delete] https://crrev.com/c642f7a962b87275d89cddbd47103cc6f8cef939/third_party/WebKit/LayoutTests/external/wpt/html/semantics/scripting-1/the-template-element/template-element/template-as-a-descendant-expected.txt
[delete] https://crrev.com/c642f7a962b87275d89cddbd47103cc6f8cef939/third_party/WebKit/LayoutTests/external/wpt/html/semantics/scripting-1/the-template-element/template-element/template-descendant-frameset-expected.txt
[delete] https://crrev.com/c642f7a962b87275d89cddbd47103cc6f8cef939/third_party/WebKit/LayoutTests/external/wpt/html/syntax/parsing/html5lib_template_run_type=uri-expected.txt
[delete] https://crrev.com/c642f7a962b87275d89cddbd47103cc6f8cef939/third_party/WebKit/LayoutTests/external/wpt/html/syntax/parsing/html5lib_template_run_type=write-expected.txt
[delete] https://crrev.com/c642f7a962b87275d89cddbd47103cc6f8cef939/third_party/WebKit/LayoutTests/external/wpt/html/syntax/parsing/html5lib_template_run_type=write_single-expected.txt
[delete] https://crrev.com/c642f7a962b87275d89cddbd47103cc6f8cef939/third_party/WebKit/LayoutTests/external/wpt/html/syntax/parsing/template/additions-to-the-in-frameset-insertion-mode/end-tag-frameset-expected.txt
[modify] https://crrev.com/a464a0af1611a1c9d25253afc62238142eeb1a45/third_party/WebKit/LayoutTests/html5lib/resources/template.dat
[modify] https://crrev.com/a464a0af1611a1c9d25253afc62238142eeb1a45/third_party/blink/renderer/core/html/parser/html_tree_builder.cc