W3C home > Mailing lists > Public > public-html@w3.org > August 2008

RE: <script src=javascript:"..."> should do nothing

From: Justin James <j_james@mindspring.com>
Date: Mon, 11 Aug 2008 14:10:02 -0400
To: "'Boris Zbarsky'" <bzbarsky@MIT.EDU>
Cc: "'Toby A Inkster'" <tai@g5n.co.uk>, <public-html@w3.org>
Message-ID: <00ed01c8fbdd$799c9bf0$6cd5d3d0$@com> 

Just goes to show what I know. :)

If other @src's allow javascript:, why *wouldn't* we allow it in <script>?

J.Ja

> -----Original Message-----
> From: Boris Zbarsky [mailto:bzbarsky@MIT.EDU]
> Sent: Monday, August 11, 2008 2:01 PM
> To: Justin James
> Cc: 'Toby A Inkster'; public-html@w3.org
> Subject: Re: <script src=javascript:"..."> should do nothing
> 
> Justin James wrote:
> > I agree, it would be much more consistent for a javascript: protocol
> item in
> > the src to be executed as JavaScript. In fact, I would content that:
> >
> > <img src="javascript:..." />
> >
> > should be allowed
> 
> So do a number of other people.  And the current HTML5 draft allows it.
>   So I'm not sure what the problem is, exactly.
> 
> -Boris
Received on Monday, 11 August 2008 18:10:53 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:40:19 GMT