"ASSERTION: Want to fire DOMNodeRemoved event, but it's not safe" with XML error in innerHTML setter

NEW
Unassigned

Status

()

Core
DOM
7 years ago
9 months ago

People

(Reporter: Jesse Ruderman, Unassigned)

Tracking

(Blocks: 1 bug, {assertion, regression, testcase})

Trunk
x86
All
assertion, regression, testcase
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

219 bytes, application/xhtml+xml
Details
4.35 KB, text/plain
Details
(Reporter)

Description

7 years ago
Created attachment 531169 [details]
testcase

###!!! ASSERTION: Want to fire DOMNodeRemoved event, but it's not safe: 'aChild->IsNodeOfType(nsINode::eCONTENT) && static_cast<nsIContent*>(aChild)-> IsInNativeAnonymousSubtree() || IsSafeToRunScript() || sDOMNodeRemovedSuppressCount', file content/base/src/nsContentUtils.cpp, line 3751

This is a recent regression, most likely from bug 650493.
(Reporter)

Updated

7 years ago
Blocks: 650493
(Reporter)

Comment 1

7 years ago
Created attachment 531170 [details]
stack trace
We should move this code over to using RemoveChildAt and simply not fire mutation events. Parser doesn't in other cases anyway.

Updated

6 years ago
OS: Mac OS X → All
(Reporter)

Comment 3

6 years ago
My fuzzer hits this assertion a lot, which slows it down somewhat.
See Also: → bug 1353002
You need to log in before you can comment on or make changes to this bug.