If "return" were allowed there (is it ? It is not within a function), then surely the string returned should be treated as the URL of the JavaScript file to be loaded/executed, as in : <p>An in-line script : <script src="javascript:return './demo.js'"> </script> </p> </body> </html> Philip TAYLOR -------- Toby A Inkster wrote: > > This is nasty, I know, but what about: > > <script src="javascript:return 'window.alert("hello")';"> > </script> > > i.e. the 'javascript:' URI is executed and returns a string, the string > returned is then treated as if it were the contents of the <script> > element. Nasty though it is, that seems to be more consistent with how > the 'javascript:' protocol is handled in 'href'. > > --Toby A Inkster > <mailto:mail@tobyinkster.co.uk> > <http://tobyinkster.co.uk> > > > >Received on Monday, 11 August 2008 13:34:03 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:40:19 GMT