Aljazeera.net crashing konqueror
Dirk Mueller
mueller at kde.org
Mon Apr 14 05:26:58 BST 2003
On Die, 08 Apr 2003, Luis Pedro Coelho wrote:
> In recent HEAD: goto http://english.aljazeera.net/ and get an immediate crash
> (attached backtrace).
This is a tricky one.
<html>
<body>
<script>
tdId = document.all.item(0);
tdId.innerHTML ="39GMT";
</script>
</html>
innerHTML on the "document" node deletes all the children, including the
body, which is the current node of the surrounding htmlparser of the
document.
The standard fix would be introducing reference counting for the current
node, but this is impossible, because the document fragment parser will
then dereference the fragment before it is refcounted in a smart container.
(html_elementimpl.cpp around line 460)
Okay, it is possible to make createContextualFragment to return a smart
container, but this is quite unelegant. As this code was introduced by the
Safari team, maybe they have a simpler fix for this problem already?
--
Dirk
More information about the kfm-devel
mailing list