Using <form> in <template> causes following <form> to get swallowed
authorcdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 6 Mar 2017 01:36:30 +0000 (01:36 +0000)
committercdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 6 Mar 2017 01:36:30 +0000 (01:36 +0000)
https://bugs.webkit.org/show_bug.cgi?id=163552

Reviewed by Sam Weinig.

Source/WebCore:

As per the HTML specification [1], when finding a "form" tag in the "in body"
insertion mode, we should insert an HTML element for the token, and, if there
is no template element on the stack of open elements, set the form element
pointer to point to the element created.

We were missing the "if there is no template element on the stack of open
elements" check and setting the form element pointer unconditionally.
This patch fixes the issue.

[1] https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inbody:form-element-pointer-2

Test: fast/parser/form-after-template.html

* html/parser/HTMLConstructionSite.cpp:
(WebCore::HTMLConstructionSite::insertHTMLFormElement):

LayoutTests:

Add layout test coverage.

* fast/parser/form-after-template-expected.html: Added.
* fast/parser/form-after-template.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@213438 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/parser/form-after-template-expected.html [new file with mode: 0644]
LayoutTests/fast/parser/form-after-template.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/parser/HTMLConstructionSite.cpp

index 5fa0140..93a699e 100644 (file)
@@ -1,3 +1,15 @@
+2017-03-05  Chris Dumez  <cdumez@apple.com>
+
+        Using <form> in <template> causes following <form> to get swallowed
+        https://bugs.webkit.org/show_bug.cgi?id=163552
+
+        Reviewed by Sam Weinig.
+
+        Add layout test coverage.
+
+        * fast/parser/form-after-template-expected.html: Added.
+        * fast/parser/form-after-template.html: Added.
+
 2017-03-04  Myles C. Maxfield  <mmaxfield@apple.com>
 
         Update CSSFontSelector's matching algorithm to understand ranges
diff --git a/LayoutTests/fast/parser/form-after-template-expected.html b/LayoutTests/fast/parser/form-after-template-expected.html
new file mode 100644 (file)
index 0000000..80e874d
--- /dev/null
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html>
+<body>
+<p>Test that the form following a template element properly gets parsed.</p>
+<form style="background-color:red;">
+    <input type="text" /><button>Submit</button>
+</form>
+</body>
+</html>
diff --git a/LayoutTests/fast/parser/form-after-template.html b/LayoutTests/fast/parser/form-after-template.html
new file mode 100644 (file)
index 0000000..7c2b89c
--- /dev/null
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<body>
+<p>Test that the form following a template element properly gets parsed.</p>
+<template><form></form></template>
+<form style="background-color:red;">
+    <input type="text" /><button>Submit</button>
+</form>
+</body>
+</html>
index 8dd23d1..7a74a7e 100644 (file)
@@ -1,3 +1,26 @@
+2017-03-05  Chris Dumez  <cdumez@apple.com>
+
+        Using <form> in <template> causes following <form> to get swallowed
+        https://bugs.webkit.org/show_bug.cgi?id=163552
+
+        Reviewed by Sam Weinig.
+
+        As per the HTML specification [1], when finding a "form" tag in the "in body"
+        insertion mode, we should insert an HTML element for the token, and, if there
+        is no template element on the stack of open elements, set the form element
+        pointer to point to the element created.
+
+        We were missing the "if there is no template element on the stack of open
+        elements" check and setting the form element pointer unconditionally.
+        This patch fixes the issue.
+
+        [1] https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inbody:form-element-pointer-2
+
+        Test: fast/parser/form-after-template.html
+
+        * html/parser/HTMLConstructionSite.cpp:
+        (WebCore::HTMLConstructionSite::insertHTMLFormElement):
+
 2017-03-04  Myles C. Maxfield  <mmaxfield@apple.com>
 
         Update CSSFontSelector's matching algorithm to understand ranges
index 8e966e0..4bf63ed 100644 (file)
@@ -476,10 +476,14 @@ void HTMLConstructionSite::insertHTMLBodyElement(AtomicHTMLToken&& token)
 void HTMLConstructionSite::insertHTMLFormElement(AtomicHTMLToken&& token, bool isDemoted)
 {
     auto element = createHTMLElement(token);
-    m_form = &downcast<HTMLFormElement>(element.get());
-    m_form->setDemoted(isDemoted);
-    attachLater(currentNode(), *m_form);
-    m_openElements.push(HTMLStackItem::create(*m_form, WTFMove(token)));
+    auto& formElement = downcast<HTMLFormElement>(element.get());
+    // If there is no template element on the stack of open elements, set the
+    // form element pointer to point to the element created.
+    if (!openElements().hasTemplateInHTMLScope())
+        m_form = &formElement;
+    formElement.setDemoted(isDemoted);
+    attachLater(currentNode(), formElement);
+    m_openElements.push(HTMLStackItem::create(formElement, WTFMove(token)));
 }
 
 void HTMLConstructionSite::insertHTMLElement(AtomicHTMLToken&& token)