Side navigation
#13634 closed bug (duplicate)
Opened March 20, 2013 08:43AM UTC
Closed March 20, 2013 12:04PM UTC
html(str) shouldn't try so hard to insert script tags - especially in iframes
| Reported by: | kapouer@melix.org | Owned by: | |
|---|---|---|---|
| Priority: | undecided | Milestone: | None |
| Component: | unfiled | Version: | 1.9.1 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
I've been bitten by this behaviour two times :
- one doing server-side scripting using jsdom, resulting in having foreign script tags executed in an environment they shouldn't have been,
- one doing $(mySandboxedIframeContentDocument).html(str), jquery is inserting the <script> in str in the current window when i am trying hard at inserting html safely in a sandboxed iframe.
Shouldn't we at least have a global option to disable this script insertion ?
Attachments (0)
Change History (1)
Changed March 20, 2013 12:04PM UTC by comment:1
| resolution: | → duplicate |
|---|---|
| status: | new → closed |
Duplicate of #11795.