[whatwg] Handling of script elements inside rendered OBJECT

From: Lachlan Hunt <lachlan.hunt@lachy.id.au>
Date: Thu, 11 May 2006 14:28:14 +1000
Message-ID: <4462BD5E.6040807@lachy.id.au>
Shadow2531 wrote:
> <object type="text/html" data="about:blank">
>    <script>alert('You should not see this!');</script>
> </object>
> 
> What should happen in situations like that?
> 
> The script element is alternate content.
> The object is rendered.
> The script SHOULD NOT be executed *until* the alternate content is
> rendered.

If scripts inside <object> aren't executed, then consider what should 
happen with this:

<script>
   document.write("<object type=\"text/html\" data=\"test\">");
</script>
<p>alternate content for when both scripts and the object isn't 
supported</p>
<script>
   document.write("<\/object>");
</script>

Because of the way document.write() works by writing data back into the 
stream, the question is: if scripts inside objects are not executed, is 
the second script considered part of the alternate content and thus not 
executed?

With scripts being executed, that ends up being the following

This is the innerHTML representation from Firefox:

<!DOCTYPE HTML><html><head></head><body>
<script>
   document.write("<object type=\"text/html\" data=\"./\">");
</script><object type="text/html" data="./">
<p>alternate content for when both scripts and the object isn't 
supported</p>
<script>
   document.write("<\/object>");
</script></object>
<p>test</p></body></html>

This is the DOM representation of the same:
DOCTYPE: html
HTML
   HEAD
   BODY
     SCRIPT
       #text: document.write("<object type=\"text/html\" data=\"./\">");
     OBJECT data="./" type="text/html"
       P
         #text: alternate content for when both scripts and the object 
isn't supported
       SCRIPT
         #text: document.write("<\/object>");
     P
       #text: test

If, however, scripts aren't executed inside, the second script would not 
be executed and thus the </object> would not be written out.  That would 
mean the rest of the entire document would end up being inside the 
object, as can be seen in the output from IE:

#comment: CTYPE ht
HTML
   HEAD
     TITLE
       BODY
         SCRIPT
         OBJECT type="text/html" data="./"
           (child nodes weren't output by IE)

The innerHTML representation:

<!DOCTYPE HTML><html><HEAD></HEAD>
<BODY>
<SCRIPT>
   document.write("<object type=\"text/html\" data=\"./\">");
</SCRIPT>

<OBJECT type=text/html data=./>
<p>alternate content for when both scripts and the object isn't 
supported</p>
<script> 
document.write("<\/object>");</script><p>test</OBJECT></BODY></html>

-- 
Lachlan Hunt
http://lachy.id.au/
Received on Wednesday, 10 May 2006 21:28:14 UTC
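
The two outcomes compared in this message can be reproduced with a toy model of a streaming parser. This is an added example, not part of the original message; the `parse` and `insideObject` helpers and the shortened sample page are assumptions, and the model understands only `<object>`, `<script>` and `<p>` plus one `document.write("...")` call per script.

```javascript
// Constructed sample, modelled on the test case in the message above.
const PAGE = String.raw`<script>document.write("<object type=\"text/html\" data=\"test\">");</script>
<p>alternate content</p>
<script>document.write("<\/object>");</script>
<p>test</p>`;

// True when node n is an OBJECT or has an OBJECT ancestor.
const insideObject = (n) => {
  for (; n; n = n.parent) if (n.name === "OBJECT") return true;
  return false;
};

// runScriptsInObject selects the policy under discussion.
function parse(input, runScriptsInObject) {
  const root = { name: "BODY", children: [], parent: null };
  const tagRe = /<(\/?)(object|script|p)\b[^>]*>/gi;
  let cur = root, pos = 0;
  for (;;) {
    tagRe.lastIndex = pos;
    const m = tagRe.exec(input);
    if (!m) break;
    pos = tagRe.lastIndex;
    const name = m[2].toUpperCase();
    if (m[1]) {                       // end tag: close the nearest match
      let n = cur;
      while (n !== root && n.name !== name) n = n.parent;
      if (n !== root) cur = n.parent;
      continue;
    }
    const node = { name, children: [], parent: cur };
    cur.children.push(node);
    if (name !== "SCRIPT") { cur = node; continue; }
    const end = input.toLowerCase().indexOf("</script>", pos);
    if (end < 0) break;
    const text = input.slice(pos, end);
    pos = end + "</script>".length;
    if (!runScriptsInObject && insideObject(cur)) continue; // script suppressed
    const w = /document\.write\("((?:[^"\\]|\\.)*)"\)/.exec(text);
    if (w) {                          // written markup re-enters the stream here
      const written = w[1].replace(/\\(.)/g, "$1");
      input = input.slice(0, pos) + written + input.slice(pos);
    }
  }
  return root;
}

const names = (node) => node.children.map((c) => c.name).join(",");
console.log(names(parse(PAGE, true)), "|", names(parse(PAGE, false)));
```

With scripts suppressed inside the object, the trailing `<p>test</p>` becomes a child of OBJECT instead of BODY, which is the divergence between the Firefox and IE trees shown above.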