W3C home > Mailing lists > Public > public-html@w3.org > August 2008

Re: <script src=javascript:"..."> should do nothing

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 12 Aug 2008 00:22:50 +0000 (UTC)
To: Boris Zbarsky <bzbarsky@MIT.EDU>
Cc: Justin James <j_james@mindspring.com>, 'Toby A Inkster' <tai@g5n.co.uk>, public-html@w3.org
Message-ID: <Pine.LNX.4.62.0808120021200.5136@hixie.dreamhostps.com> 

On Mon, 11 Aug 2008, Boris Zbarsky wrote:
> 
> Justin James wrote:
> > If other @src's allow javascript:, why *wouldn't* we allow it in <script>?
> 
> The spec currently does.

Actually right now the spec specifically says that javascript: in <script 
src=""> does nothing, for compatiblity with existing UAs. (I doubt that 
the three biggest UAs would all ignore javascript: in this one specific 
case if there wasn't content relying on that, so it seems unwise to not 
also require this in the spec.)

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 12 August 2008 00:23:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:40:19 GMT