W3C home > Mailing lists > Public > public-html@w3.org > October 2007

<script src=javascript:"..."> should do nothing

From: Simon Pieters <simonp@opera.com>
Date: Fri, 12 Oct 2007 13:18:14 +0200
To: public-html <public-html@w3.org>
Message-ID: <op.tz20cowkidj3kv@hp-a0a83fcd39d2.belkin>

Consider the following:

    <script src=javascript:"alert(1)"></script>

In Firefox, Opera, Safari and IE, the script of the resulting text/html  
document "alert(1)" is not executed. The spec should reflect this  
(probably in the "The javascript: protocol" section).

(Note that this is different to <script src=javascript:alert(1)></script>.)

Simon Pieters
Opera Software
Received on Friday, 12 October 2007 11:18:26 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 29 October 2015 10:15:27 UTC