Closed Bug 377314 Opened 17 years ago Closed 15 years ago

Errors with "div.innerHTML = div.innerHTML" in XHTML with low surrogate character

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 316338

People

(Reporter: jruderman, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: testcase)

Attachments

(1 file)

testcase
438 bytes, application/xhtml+xml
Details 
"div.innerHTML = div.innerHTML" causes an XML parsing error and throws NS_ERROR_INVALID_POINTER.  I suspect that this is a bug in the innerHTML setter (rather than a bug in the innerHTML getter) because the error messages are suspicious.


XML Parsing Error: not well-formed
Location: 
Line Number 1, Column 129:
<html xmlns="http://www.w3.org/1999/xhtml"><body xmlns="http://www.w3.org/1999/xhtml"><div xmlns="http://www.w3.org/1999/xhtml"></

(The arrow points to the second-to-last character in the message, "<".)


[Exception... "Component returned failure code: 0x80004003 (NS_ERROR_INVALID_POINTER) [nsIDOMNSHTMLElement.innerHTML]"  nsresult: "0x80004003 (NS_ERROR_INVALID_POINTER)"  location: "JS frame :: file:///Users/jruderman/Sites/fuzz3/textinner/f.xhtml :: boom :: line 14"  data: no]
Attached file testcase 

    
    

    
  
The bug here is in one of the JS engine, XPConnect, and createTextNode.  Basically, once we have a text node with an invalid UTF16 string in it it's all bad.

The setter is correctly throwing on invalid input; that's the right behavior.

See bug 316338 for details.
Blocks: 316338

    
  
Blocks: textfuzzer

    
    

    
  
NS_ERROR_INVALID_POINTER might not be the right exception to throw, though ;)

    
  
Blocks: 421546
Assignee: general → nobody
QA Contact: ian → general

    
    

    
  
Bug 466751 fixed the error message.  Now it's:

[Exception... "An invalid or illegal string was specified"  code: "12" nsresult: "0x8053000c (NS_ERROR_DOM_SYNTAX_ERR)"  location: "https://bug377314.bugzilla.mozilla.org/attachment.cgi?id=261408 Line: 14"]

As bz said, the main problem here is bug 316338.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Component: DOM: Mozilla Extensions → DOM
Component: DOM → DOM: Core & HTML

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: