- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 12 Aug 2008 09:00:42 +0200
- To: "Garrett Smith" <dhtmlkitchen@gmail.com>, "Simon Pieters" <simonp@opera.com>
- Cc: public-html <public-html@w3.org>
On Tue, 12 Aug 2008 08:52:55 +0200, Garrett Smith <dhtmlkitchen@gmail.com> wrote: > On 10/12/07, Simon Pieters <simonp@opera.com> wrote: >> >> Consider the following: >> >> <script src=javascript:"alert(1)"></script> >> >> In Firefox, Opera, Safari and IE, the script of the resulting text/html >> document "alert(1)" is not executed. The spec should reflect this >> (probably >> in the "The javascript: protocol" section). > > How is:- > > "alert(1)" > > a text/html document? > > What it looks like is a string value in a javascript: pseudo url. The return value of executing the script is treated as a text/html resource: http://www.whatwg.org/specs/web-apps/current-work/#javascript-protocol (The section Simon referenced in his e-mail.) Example: javascript:"<h1>x</h1>" -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Tuesday, 12 August 2008 07:00:54 UTC