- From: Toby A Inkster <tai@g5n.co.uk>
- Date: Mon, 11 Aug 2008 14:22:36 +0100
- To: public-html@w3.org
This is nasty, I know, but what about: <script src="javascript:return 'window.alert("hello")';"> </script> i.e. the 'javascript:' URI is executed and returns a string, the string returned is then treated as if it were the contents of the <script> element. Nasty though it is, that seems to be more consistent with how the 'javascript:' protocol is handled in 'href'. -- Toby A Inkster <mailto:mail@tobyinkster.co.uk> <http://tobyinkster.co.uk>
Received on Monday, 11 August 2008 13:23:41 UTC