Bug 1303103
Opened 9 years ago
Closed 9 years ago
Wrong parsing a comment in iframe tags.
Categories
(Core :: DOM: HTML Parser, defect)
RESOLVED
INVALID
People
(Reporter: kamilkubacka+firefox, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0
Build ID: 20160824215626
Steps to reproduce:
I wrote sample code with a comment in an iframe:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
</head>
<body>
<iframe src="data:text/plain;plain,Hello world!">
<!--
This is a comment.
Example tags:
<b>Test</b>
</body>
</html>
The comment stay here.
</iframe>
<h2>Here should be the comment, too!</h2>
<iframe src="data:text/plain;plain,What now?!">
-->
</iframe>
</body>
</html>
Actual results:
First frame: Hello world!
Header tag (h2): Here should be the comment, too!
Second frame: What now?!
Expected results:
One frame: Hello world!
Updated•9 years ago
Group: firefox-core-security
Component: Untriaged → HTML: Parser
OS: All → Unspecified
Product: Firefox → Core
Hardware: All → Unspecified
Comment 1•9 years ago
iframe can contain raw text only, per latest spec, so the "<!--" doesn't make it a comment.
https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inbody:generic-raw-text-element-parsing-algorithm-2
> 12.2.5.4.7 The "in body" insertion mode
>
> When the user agent is to apply the rules for the "in body" insertion mode,
> the user agent must handle the token as follows:
> ...
> A start tag whose tag name is "iframe"
> Set the frameset-ok flag to "not ok".
> Follow the generic raw text element parsing algorithm.
https://html.spec.whatwg.org/multipage/syntax.html#generic-raw-text-element-parsing-algorithm
> 12.2.5.2 Parsing elements that contain only text
>
> The generic raw text element parsing algorithm and the generic RCDATA element
> parsing algorithm consist of the following steps. These algorithms are always
> invoked in response to a start tag token.
>
> 1. Insert an HTML element for the token.
> 2. If the algorithm that was invoked is the generic raw text element
> parsing algorithm, switch the tokenizer to the RAWTEXT state;
> otherwise the algorithm invoked was the generic RCDATA element parsing
> algorithm, switch the tokenizer to the RCDATA state.
> 3. Let the original insertion mode be the current insertion mode.
> 4. Then, switch the insertion mode to "text".
https://html.spec.whatwg.org/multipage/syntax.html#rawtext-state
> 12.2.4.3 RAWTEXT state
>
> Consume the next input character:
>
> U+003C LESS-THAN SIGN (<)
> Switch to the RAWTEXT less-than sign state.
> U+0000 NULL
> ...
> EOF
> ..
> Anything else
> Emit the current input character as a character token.
https://html.spec.whatwg.org/multipage/syntax.html#rawtext-less-than-sign-state
> 12.2.4.12 RAWTEXT less-than sign state
>
> Consume the next input character:
>
> U+002F SOLIDUS (/)
> Set the temporary buffer to the empty string. Switch to the RAWTEXT end tag
> open state.
> Anything else
> Emit a U+003C LESS-THAN SIGN character token. Reconsume in the RAWTEXT
> state.
https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-incdata
> 12.2.5.4.8 The "text" insertion mode
>
> When the user agent is to apply the rules for the "text" insertion mode,
> the user agent must handle the token as follows:
>
> A character token
> ...
> An end-of-file token
> ...
> An end tag whose tag name is "script"
> ...
> Any other end tag
> Pop the current node off the stack of open elements.
> Switch the insertion mode to the original insertion mode.
Confirmed the same behavior on the following other browsers:
* Google Chrome 53.0.2785.116 (64-bit)
* Google Chrome Canary 55.0.2861.0 canary (64-bit)
* Safari 9.1.2 (11601.7.7)
* WebKit r205967
* Edge 25.10586.0.0
not on:
* IE 11.494.10586.0
IE 11 makes it a comment.
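The RAWTEXT steps quoted in Comment 1, as an added JavaScript example (not part of the bug thread and not Gecko's parser code): a simplified model of the tokenizer states, run over the reporter's markup, showing that "<!--" is emitted as text and the first "</iframe>" ends the element. The names `consumeRawText`, `iframeContents` and `sample` are chosen here, and the start-tag regex is a shortcut rather than a full tokenizer.

```javascript
// Simplified model of the RAWTEXT tokenizer states quoted in Comment 1. `input` is the
// markup after an <iframe ...> start tag; returns its text and the offset past the end tag.
function consumeRawText(input, tagName) {
  let text = "", i = 0;
  while (i < input.length) {
    if (input[i] !== "<") {        // RAWTEXT state, "Anything else"
      text += input[i++];
      continue;
    }
    if (input[i + 1] !== "/") {    // RAWTEXT less-than sign state, "Anything else"
      text += "<";                 // "<!--" lands here: "<" is plain text
      i++;
      continue;
    }
    // End tag open/name states: only an end tag with the start tag's name,
    // followed by whitespace, "/" or ">", leaves RAWTEXT.
    const nameEnd = i + 2 + tagName.length;
    const name = input.slice(i + 2, nameEnd).toLowerCase();
    const after = input[nameEnd];
    if (name === tagName && after !== undefined && /[\t\n\f \/>]/.test(after)) {
      const close = input.indexOf(">", nameEnd);
      return { text, end: close === -1 ? input.length : close + 1 };
    }
    text += "</";                  // any other "</...": still text
    i += 2;
  }
  return { text, end: input.length }; // EOF inside the element
}

// Hypothetical helper: text content of each iframe in `html`. The start-tag
// regex is a shortcut that assumes no ">" inside attribute values.
function iframeContents(html) {
  const out = [];
  const startTag = /<iframe\b[^>]*>/gi;
  while (startTag.exec(html) !== null) {
    const body = consumeRawText(html.slice(startTag.lastIndex), "iframe");
    out.push(body.text);
    startTag.lastIndex += body.end;
  }
  return out;
}

// Reporter's markup from the description, trimmed to the <body> part.
const sample =
  '<iframe src="data:text/plain;plain,Hello world!">\n<!--\nThis is a comment.\n' +
  'Example tags:\n<b>Test</b>\n</body>\n</html>\nThe comment stay here.\n</iframe>\n' +
  '<h2>Here should be the comment, too!</h2>\n' +
  '<iframe src="data:text/plain;plain,What now?!">\n-->\n</iframe>\n';
console.log(iframeContents(sample)); // two iframes, matching the "Actual results"
```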
Comment 3•9 years ago
:) Thank you for reporting nonetheless. Thank you arai for pointing that out!
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID