Closed Bug 377314 Opened 18 years ago Closed 15 years ago

Errors with "div.innerHTML = div.innerHTML" in XHTML with low surrogate character

Categories

(Core :: DOM: Core & HTML, defect)

x86
macOS
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 316338

People

(Reporter: jruderman, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: testcase)

Attachments

(1 file)

438 bytes, application/xhtml+xml
Details
"div.innerHTML = div.innerHTML" causes an XML parsing error and throws NS_ERROR_INVALID_POINTER. I suspect that this is a bug in the innerHTML setter (rather than a bug in the innerHTML getter) because the error messages are suspicious. XML Parsing Error: not well-formed Location: Line Number 1, Column 129: <html xmlns="http://www.w3.org/1999/xhtml"><body xmlns="http://www.w3.org/1999/xhtml"><div xmlns="http://www.w3.org/1999/xhtml"></ (The arrow points to the second-to-last character in the message, "<".) [Exception... "Component returned failure code: 0x80004003 (NS_ERROR_INVALID_POINTER) [nsIDOMNSHTMLElement.innerHTML]" nsresult: "0x80004003 (NS_ERROR_INVALID_POINTER)" location: "JS frame :: file:///Users/jruderman/Sites/fuzz3/textinner/f.xhtml :: boom :: line 14" data: no]
Attached file testcase
The bug here is in one of the JS engine, XPConnect, and createTextNode. Basically, once we have a text node with an invalid UTF16 string in it it's all bad. The setter is correctly throwing on invalid input; that's the right behavior. See bug 316338 for details.
Blocks: 316338
Blocks: textfuzzer
NS_ERROR_INVALID_POINTER might not be the right exception to throw, though ;)
Blocks: 421546
Assignee: general → nobody
QA Contact: ian → general
Bug 466751 fixed the error message. Now it's: [Exception... "An invalid or illegal string was specified" code: "12" nsresult: "0x8053000c (NS_ERROR_DOM_SYNTAX_ERR)" location: "https://bug377314.bugzilla.mozilla.org/attachment.cgi?id=261408 Line: 14"] As bz said, the main problem here is bug 316338.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Component: DOM: Mozilla Extensions → DOM
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: