W3C home > Mailing lists > Public > public-html@w3.org > August 2008

Re: <script src=javascript:"..."> should do nothing

From: Ian Hickson <ian@hixie.ch>
Date: Mon, 11 Aug 2008 10:14:25 +0000 (UTC)
To: Simon Pieters <simonp@opera.com>
Cc: public-html <public-html@w3.org>
Message-ID: <Pine.LNX.4.62.0808111014070.5140@hixie.dreamhostps.com>

On Fri, 12 Oct 2007, Simon Pieters wrote:
> 
> Consider the following:
> 
>    <script src=javascript:"alert(1)"></script>
> 
> In Firefox, Opera, Safari and IE, the script of the resulting text/html 
> document "alert(1)" is not executed. The spec should reflect this 
> (probably in the "The javascript: protocol" section).
> 
> (Note that this is different to <script src=javascript:alert(1)></script>.)

Done.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 11 August 2008 10:15:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:21 GMT