Last Comment Bug 155504 - [FIXr]appendChild during document.write appends twice
: [FIXr]appendChild during document.write appends twice
Product: Core
Classification: Components
Component: DOM: Core & HTML (show other bugs)
: Trunk
: All All
P1 minor (vote)
: mozilla1.4beta
Assigned To: Boris Zbarsky [:bz] (still a bit busy)
: Prashant Desale
: Andrew Overholt [:overholt]
Mentors:; x.documen...
Depends on:
  Show dependency treegraph
Reported: 2002-07-02 20:25 PDT by Jesse Ruderman
Modified: 2003-04-21 18:28 PDT (History)
5 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

This fixes this bug for me... (3.54 KB, patch)
2003-04-19 11:47 PDT, Boris Zbarsky [:bz] (still a bit busy)
hjtoi-bugzilla: review+
jst: superreview+
Details | Diff | Splinter Review

Description User image Jesse Ruderman 2002-07-02 20:25:07 PDT
Click the URL link above, which is:; x.document.write("foo");
x.document.body.appendChild(x.document.createTextNode("bar")); void 0

Result: foobarbar
Expected: foobar

Workaround: call document.close() before calling appendChild.

Works as expected in IE.
Comment 1 User image Johnny Stenback (:jst, 2002-07-03 01:15:37 PDT
The DOM ends up being correct here, but we end up showing "bar" twice. Peterv,
the sink context stack n' all that must not be flushed/synced properly here,
wanna have a look?
Comment 2 User image Jesse Ruderman 2002-07-03 10:25:14 PDT
Forgot to mention: selecting the second "bar" with the mouse actually selects
the first "bar".
Comment 3 User image Johnny Stenback (:jst, 2003-03-23 14:03:53 PST
Mass-reassigning bugs to
Comment 4 User image Boris Zbarsky [:bz] (still a bit busy) 2003-04-19 11:03:12 PDT
So the problem, imo, is that the sink's treatment of notifications is just
totally whacked.  In particular, it assumes that if it's not in a script then
any notifications that are generated are caused by itself.  This is patently
incorrect if another window/frame accesses the DOM during parsing (as here).

(And why exactly does the sink not call BeginUpdate itself?  Not quite clear on
what the deal is there...)
Comment 5 User image Boris Zbarsky [:bz] (still a bit busy) 2003-04-19 11:47:20 PDT
Created attachment 121069 [details] [diff] [review]
This fixes this bug for me...
Comment 6 User image Johnny Stenback (:jst, 2003-04-21 16:21:19 PDT
Comment on attachment 121069 [details] [diff] [review]
This fixes this bug for me...

Hmm, this seems strangely correct to me, but it still scares me a bit (knowing
how many regressions we've had from messing with this code over the years).

Comment 7 User image Boris Zbarsky [:bz] (still a bit busy) 2003-04-21 16:44:06 PDT
Comment 8 User image Boris Zbarsky [:bz] (still a bit busy) 2003-04-21 18:28:07 PDT
Checked in.

Note You need to log in before you can comment on or make changes to this bug.