On Sat, 23 May 2009, Jonas Sicking wrote:
> On Fri, May 22, 2009 at 11:36 PM, Ian Hickson <ian@hixie.ch> wrote:
> > On Fri, 22 May 2009, Travis Leithead wrote:
> >>
> >> <body>
> >> <div>
> >> <span>
> >> <script>
> >> var d = document.querySelector(“body > div”);
> >> d.parentNode.removeChild(d);
> >> </script>
> >> <code>
> >> <script>
> >> alert(“a running zombie script?”);
> >> </script>
> >> </code>
> >> </span>
> >> </div>
> >> </body>
> >
> > The second script gets executed by the "Run the script." sentence in
> > 9.2.5.11 The "in CDATA/RCDATA" insertion mode, under "An end tag whose
> > tag name is "script"".
> >
> > Basically when a <script> element is handled by the parser, it gets
> > parsed regardless of what the DOM looks like.
>
> Is there a reason for things to be designed this way?
It's done this way because when this element is inserted into the DOM,
it's empty, so we can't execute it yet. So it has to be special-cased --
either by making the element not be inserted into the document until the
end tag is seen or implied, or by making the script handling be a special
case. It turns out that far a variety of reasons, the latter is
significantly easier and helps with other things as well (such as
defining exactly how document.write() interacts with the parser, which
requires a special case here anyway).
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'