Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 1915ee470dcfbb539afd8069209b7a5c019e6869
https://github.com/WebKit/WebKit/commit/1915ee470dcfbb539afd8069209b7a5c019e6869
Author: Chris Dumez <[email protected]>
Date: 2026-04-04 (Sat, 04 Apr 2026)
Changed paths:
A
LayoutTests/imported/w3c/web-platform-tests/html/syntax/parsing/cdata-in-integration-point-fragment-expected.txt
A
LayoutTests/imported/w3c/web-platform-tests/html/syntax/parsing/cdata-in-integration-point-fragment.html
M Source/WebCore/html/parser/HTMLTreeBuilder.cpp
Log Message:
-----------
constructTree should use the adjusted current node for integration point
checks
https://bugs.webkit.org/show_bug.cgi?id=311486
Reviewed by Anne van Kesteren.
The post-token-processing code in constructTree() that sets the tokenizer's
shouldAllowCDATA and forceNullCharacterReplacement flags was using
m_tree.currentStackItem() for the integration point checks, while using
adjustedCurrentStackItem() for the namespace check. This is inconsistent
with shouldProcessTokenInForeignContent(), which correctly uses the
adjusted current node for all checks.
Per https://html.spec.whatwg.org/multipage/parsing.html#tree-construction,
the tree construction dispatcher uses the "adjusted current node" to
determine whether to process tokens as foreign content, and to set
tokenizer flags after each token. The adjusted current node is defined at
https://html.spec.whatwg.org/multipage/parsing.html#adjusted-current-node
as the context element during fragment parsing when the stack of open
elements has only one element.
During fragment parsing when only the root DocumentFragment is on the open
elements stack, adjustedCurrentStackItem() returns the context element
while m_tree.currentStackItem() returns the DocumentFragment. If the
context element is a MathML text integration point (mi, mo, mn, ms, mtext)
or an HTML integration point (svg foreignObject, svg desc, svg title),
the DocumentFragment would not be recognized as an integration point,
causing the tokenizer to incorrectly allow CDATA sections and force null
character replacement in what should be treated as HTML content.
Test:
imported/w3c/web-platform-tests/html/syntax/parsing/cdata-in-integration-point-fragment.html
- This test is failing in shipping Safari but passing in Chrome.
*
LayoutTests/imported/w3c/web-platform-tests/html/syntax/parsing/cdata-in-integration-point-fragment-expected.txt:
Added.
*
LayoutTests/imported/w3c/web-platform-tests/html/syntax/parsing/cdata-in-integration-point-fragment.html:
Added.
* Source/WebCore/html/parser/HTMLTreeBuilder.cpp:
(WebCore::HTMLTreeBuilder::constructTree):
Canonical link: https://commits.webkit.org/310593@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
