Bug Tracker

Modify

Ticket #11323 (closed bug: fixed)

Opened 2 years ago

Last modified 2 years ago

script tags with type="text/ecmascript" leak into the DOM

Reported by: gibson042 Owned by: rwaldron
Priority: low Milestone: 1.7.2
Component: manipulation Version: 1.7.1
Keywords: Cc:
Blocking: Blocked by:

Description

 http://jsfiddle.net/GaSua/

jQuery.clean has inconsistent logic for adding script elements to the result set vs. moving them into the scripts array: the former checks for no type or "text/javascript" or "text/ecmascript"; the latter only for no type or "text/javascript". As a result, those with type "text/ecmascript" are erroneously added to the result fragment and ultimately to the DOM.

Change History

comment:1 Changed 2 years ago by rwaldron

  • Status changed from new to closed
  • Resolution set to wontfix

RFC 4326 Defines "text/ecmascript" as obsolete

comment:2 Changed 2 years ago by gibson042

So we should remove it from rscriptType, right?

comment:3 Changed 2 years ago by dmethvin

Ideally we'd only remove script tags if the browser was going to "execute" them. I wonder if there is a simple feature detect for that. Or is it better to consistently remove scripts even if they aren't executed on the current browser? Seems like it's a dontcare if it doesn't execute.

comment:4 Changed 2 years ago by rwaldron

  • Status changed from closed to reopened
  • Resolution wontfix deleted

ugh. I didn't actually mean to select "wont fix"

comment:5 Changed 2 years ago by rwaldron

  • Priority changed from undecided to low
  • Status changed from reopened to open
  • Component changed from unfiled to manipulation

comment:7 Changed 2 years ago by rwaldron

  • Owner set to rwaldron
  • Status changed from open to assigned

As I said in the PR:

This does way more then address the bug in the ticket... I'm sorry, but after I re-opened the ticket, I wrote a test and tiny patch for this that only addresses the bug in question.

Minimal patch, directly addresses issue, includes tests:  https://github.com/jquery/jquery/pull/681

comment:8 Changed 2 years ago by Rick Waldron waldron.rick@…

  • Status changed from assigned to closed
  • Resolution set to fixed

Fix #11323. Consistently use rscriptType in jQuery.clean()

Changeset: f0732c1e4138342c96e35ff51d5cd681b6cfdb94

comment:9 Changed 2 years ago by dmethvin

  • Milestone changed from None to 1.7.2

Please follow the  bug reporting guidlines and use  jsFiddle when providing test cases and demonstrations instead of pasting the code in the ticket.

View

Add a comment

Modify Ticket

Action
as closed
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.