- From: Ryosuke Niwa <rniwa@webkit.org>
- Date: Wed, 1 Dec 2010 11:54:17 -0800
After reading all the responses and consulting with several developers at
Google and other WebKit contributors, I have reached the conclusion that we
should fix this bug, and the script parsed by createContextualFragment
should, indeed, run when the fragment is inserted into a document.
I'll follow up when the bug is fixed and WebKit's behavior is matched that
of Firefox.
Best regards,
Ryosuke Niwa
Software Engineer
Google Inc.
On Thu, Nov 11, 2010 at 4:34 PM, Ryosuke Niwa <rniwa at webkit.org> wrote:
> Greetings all,
>
> I'm working on the WebKit bug 12234 - Using createContextualFragment to
> insert a <script> does not cause the script to execute<https://bugs.webkit.org/show_bug.cgi?id=12234>.
> While investigating the issue, the following part of HTML5 spec came to my
> attention:
>
> *10.2.5.7 The "in head" insertion mode<http://www.whatwg.org/specs/web-apps/current-work/#parsing-main-inhead>
> *
> ...
>
> - *A start tag whose tag name is "script"*
> 1. If the parser was originally created for the HTML fragment parsing
> algorithm, then mark the script element as "already started". (fragment
> case)
>
> Since 10.4 Parsing HTML fragments<http://www.whatwg.org/specs/web-apps/current-work/#fragment-case>does not special case the script element, this seem to imply that we never
> execute scripts inserted by the HTML fragment parsing algorithm. Am I
> right?
>
> To give you more concrete example, should the following markup show the
> alert or not?
>
>
> <!DOCTYPE html>
> <html>
> <script>
> document.body.innerHTML+="<scr"+"ipt>alert('SUCCESS')</scr"+"ipt>";
> </script>
> </html>
>
>
> Best regards,
> Ryosuke Niwa
> Software Engineer
> Google Inc.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20101201/30adf632/attachment-0001.htm>
Received on Wednesday, 1 December 2010 11:54:17 UTC