- From: Philip TAYLOR <Philip-and-LeKhanh@Royal-Tunbridge-Wells.Org>
- Date: Mon, 11 Aug 2008 14:33:21 +0100
- To: Toby A Inkster <tai@g5n.co.uk>
- CC: public-html@w3.org
If "return" were allowed there (is it ? It is not within a function), then surely the string returned should be treated as the URL of the JavaScript file to be loaded/executed, as in : <p>An in-line script : <script src="javascript:return './demo.js'"> </script> </p> </body> </html> Philip TAYLOR -------- Toby A Inkster wrote: > > This is nasty, I know, but what about: > > <script src="javascript:return 'window.alert("hello")';"> > </script> > > i.e. the 'javascript:' URI is executed and returns a string, the string > returned is then treated as if it were the contents of the <script> > element. Nasty though it is, that seems to be more consistent with how > the 'javascript:' protocol is handled in 'href'. > > --Toby A Inkster > <mailto:mail@tobyinkster.co.uk> > <http://tobyinkster.co.uk> > > > >
Received on Monday, 11 August 2008 13:34:03 UTC