This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Specification: http://www.whatwg.org/specs/web-apps/current-work/multipage/tabular-data.html Multipage: http://www.whatwg.org/C#attributes-common-to-td-and-th-elements Complete: http://www.whatwg.org/c#attributes-common-to-td-and-th-elements Comment: Should cellIndex return -1 if the cell has no parent tr? Posted from: 91.181.34.103 by ms2ger@gmail.com User agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0a1) Gecko/20120108 Firefox/12.0a1
See <https://bugzilla.mozilla.org/show_bug.cgi?id=746077>
In particular, it seems strange that 0 can mean both "first cell" and "cell in the wrong place". -1 is more common for indexOf-style APIs, IME.
This bug was cloned to create bug 18118 as part of operation convergence.
What do browsers do?
<http://software.hixie.ch/utilities/js/live-dom-viewer/?saved=1673> Gecko: -1 Chrome: 0 Opera: undefined (but does support the attribute for cells with a parent tr) IE: semi-random numbers
jeez. Ok, I'll look into making it -1.
Checked in as WHATWG revision r7243. Check-in comment: All the browsers disagree, so we'll reward the one that makes the most sense. Today's winner: Firefox! http://html5.org/tools/web-apps-tracker?from=7242&to=7243
Filed DSK-371875, <https://bugs.webkit.org/show_bug.cgi?id=93738>.
And a test: http://dvcs.w3.org/hg/html/diff/3956549d084d/tests/submission/Ms2ger/the-elements-of-html/tabular-data/attributes-common-to-td-and-th-elements/cellIndex.html
(In reply to comment #5) > IE: semi-random numbers Playing around with WinDbg, these "semi-random numbers" seems to be addresses. This can probably be used as an address leak to defeat ASLR in IE9. IE10 fixed this and matches the spec.
This information leak is due to MSHTML!CTableCell::get_cellIndex not writing the address provided for the return value that is passed as part of COM calling conventions, which is a stack local variable that happens to be set to the address when the function was called.
*the address of the object that is passed in the first parameter
Fixed in the July Cumulative Update, it now returns -1.
For IE9.