W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > October 2009

[Bug 7851] New: Some (perhaps all) scripts with a for="" attribute should be ignored

From: <bugzilla@wiggum.w3.org>
Date: Fri, 09 Oct 2009 06:14:16 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-7851-2486@http.www.w3.org/Bugs/Public/>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=7851

           Summary: Some (perhaps all) scripts with a for="" attribute
                    should be ignored
           Product: HTML WG
           Version: unspecified
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HTML5 spec bugs
        AssignedTo: dave.null@w3.org
        ReportedBy: mjs@apple.com
         QAContact: public-html-bugzilla@w3.org
                CC: ian@hixie.ch, mike@w3.org, public-html@w3.org


Problem: At least some Web pages break when script elements trying to use the
for="" / event="" mechanism get run right away. HTML5 currently doesn't have
any provisions for preventing execution of such scripts. Here is a WebKit bug
that we had as a result of running for/event scripts:
https://bugs.webkit.org/show_bug.cgi?id=21193

Possible solutions:

For WebKit, we just refuse to execute any script where the script element has a
for="" attribute.

Gecko's current behavior according to Jonas Sicking:

If a <script> has *both* for="" and event="" attributes, then refuse to execute
it, *unless* the for value is "window", and the event value is one of "onload",
a value starting with "onload ", or a value starting with "onload (" (all
string comparisons case insensitive).

Jonas said he would consider making Mozilla use the simpler WebKit behavior.

I recommend that HTML5 should take one of these approaches.


-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Friday, 9 October 2009 06:14:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 9 October 2009 06:14:19 GMT