On Wed, 08 Apr 2015 07:55:26 +0200, Mikko Rantalainen <mikko.rantalai...@peda.net> wrote:

> The section 12.2.3.3 The list of active formatting elements (https://html.spec.whatwg.org/multipage/syntax.html#the-list-of-active-formatting-elements) has steps to "reconstruct the active formatting elements". The steps include
>
> Step 6: "If entry is neither a marker nor an element that is also in the stack of open elements, go to the step labeled rewind."
>
> Step 7: "Advance: Let entry be the element one later than entry in the list of active formatting elements."
>
> Step 8: "Create: Insert an HTML element for the token for which the element entry was created, to obtain new element."
>
> How to deal with the case where the `entry` points to a marker after step 7? Obviously one cannot create a marker as an HTML element.
>
> This case seems possible because only Step 6 checks for a marker and then Step 7 blindly advances the list and may set `entry` to a marker.
>
> (I'm asking this question because I hit this case while parsing user input with html5lib PHP implementation and that implementation crashes while trying to create an HTML element from marker.)

What is the input that triggers this? I fail to come up with a list of active formatting elements that makes the reconstruct algorithm have a marker as entry in step 8.

--
Simon Pieters
Opera Software
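
An added example, not part of either message and not html5lib code: a small Python model of the "reconstruct the active formatting elements" steps that enumerates every short list and records which kinds of entry ever reach step 8. The entry kinds `marker`, `open` and `closed` are constructed stand-ins (an assumption of this sketch); steps 1-5 and 9-10 are taken from the same spec section and are not quoted in the thread.

```python
from itertools import product

# Constructed entry kinds: a marker, a formatting element that is still on the
# stack of open elements, and a formatting element that is no longer on it.
MARKER, OPEN, CLOSED = "marker", "open", "closed"

def reconstruct(entries):
    """Run the reconstruct steps; return the kinds of entry that reach Create."""
    entries = list(entries)
    created = []
    if not entries:                          # step 1: empty list, nothing to do
        return created
    if entries[-1] in (MARKER, OPEN):        # step 2: last entry is marker/open
        return created
    i = len(entries) - 1                     # step 3: entry = last entry
    advance = False
    while i > 0:                             # step 4: Rewind (stop at list start)
        i -= 1                               # step 5: one earlier
        if entries[i] in (MARKER, OPEN):     # step 6: found marker/open entry
            advance = True
            break
    while True:
        if advance:
            i += 1                           # step 7: Advance
        created.append(entries[i])           # step 8: Create (record what we got)
        entries[i] = OPEN                    # step 9: new element replaces entry
        if i == len(entries) - 1:            # step 10: done at the last entry
            return created
        advance = True

def kinds_reaching_create(max_len=6):
    """Exhaustively try every list of up to max_len entries."""
    seen = set()
    for n in range(max_len + 1):
        for combo in product((MARKER, OPEN, CLOSED), repeat=n):
            seen.update(reconstruct(combo))
    return seen

if __name__ == "__main__":
    print(kinds_reaching_create())
```

In this model step 2 guarantees the last entry is `closed`, and Rewind only walks back over `closed` entries, so everything between the Advance position and the end of the list is `closed`. A parser that reaches Create with a marker therefore has list or stack state, or step 2/6 checks, that differ from this model.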
