- From: Ryosuke Niwa <rniwa@webkit.org>
- Date: Thu, 11 Nov 2010 16:34:59 -0800
Greetings all,
I'm working on the WebKit bug 12234 - Using createContextualFragment to
insert a <script> does not cause the script to
execute<https://bugs.webkit.org/show_bug.cgi?id=12234>.
While investigating the issue, the following part of HTML5 spec came to my
attention:
*10.2.5.7 The "in head" insertion
mode<http://www.whatwg.org/specs/web-apps/current-work/#parsing-main-inhead>
*
...
- *A start tag whose tag name is "script"*
1. If the parser was originally created for the HTML fragment parsing
algorithm, then mark the script element as "already started". (fragment
case)
Since 10.4 Parsing HTML
fragments<http://www.whatwg.org/specs/web-apps/current-work/#fragment-case>does
not special case the script element, this seem to imply that we never
execute scripts inserted by the HTML fragment parsing algorithm. Am I
right?
To give you more concrete example, should the following markup show the
alert or not?
<!DOCTYPE html>
<html>
<script>
document.body.innerHTML+="<scr"+"ipt>alert('SUCCESS')</scr"+"ipt>";
</script>
</html>
Best regards,
Ryosuke Niwa
Software Engineer
Google Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20101111/cb2d0867/attachment.htm>
Received on Thursday, 11 November 2010 16:34:59 UTC