Ticket #3733 (closed bug: fixed)
.load() executes and destroy's <script> tags
| Reported by: | dante | Owned by: | flesler |
|---|---|---|---|
| Priority: | minor | Milestone: | 1.3 |
| Component: | core | Version: | 1.2.6 |
| Keywords: | Cc: | dante | |
| Blocking: | Blocked by: |
Description
The expected behavior across all browsers is to not execute <script> tags with an unknown type="" attribute. jQuery is aggressively locating script tags in xhr content, executing them, and removing them from the DOM, despite what their type="" is. It is expected that the absence of a type indicates javascript (or has been the 'norm' all this time) but an invalid type has never executed.
<script type="not/javascript"> should not execute as javascript. Just as <script type="text/javascirpt"> wouldn't run (spelling intentional)
This seems trivial nuance, but affects interoperability between Dojo and jQuery, again in trivial ways. Dojo has a "rapid prototype" technique that allows you to inherit functions from directly within a instance declaration:
<div dojoType="Thinger"><script type='dojo/method' event='onChange'>...</script></div>
When this content is loaded by standard xhr, the script is ignored. When loaded via .load(), jQuery executes and block, and removes the script, disallowing the widget it is meant to override from having access to it to bind the connections.
I'm happy with a wontfix here, provided we acknowledge the issue and document the quirk regarding the two libs. I would prefer to see jQuery only look for text/javascript or null type attribute, as the browsers do.
Test attached. break small <div> out to external html and load. Happy to do a patch if interested.
Attachments
-
jq-ajax-script.html
(717 bytes) -
added by dante 4 years ago.
-
bug-3733.patch
(641 bytes) -
added by mjuad 4 years ago.
- Fix for this bug.
Change History
comment:1 Changed 4 years ago by dmethvin
- Cc dante added
- Owner set to dmethvin
- Status changed from new to assigned
So to summarize the request: If a <script> has no type attribute or a type of "text/javascript" jQuery should execute and remove it; otherwise it should leave the script tag and content in situ.
IE allows script languages other than Javascript; since jQuery.globalEval forces the type to "text/javascript" we're doing the wrong thing for those anyway.
comment:2 Changed 4 years ago by dmethvin
- Owner changed from dmethvin to flesler
- Status changed from assigned to new
comment:3 Changed 4 years ago by mjuad
I have created a patch that fixes this bug, see attachment bug-3733.patch - It simply checks for no type or type=text/javascript before adding for globalEval & removing from the DOM.
comment:4 Changed 4 years ago by flesler
I suppose something is wrong with 1.3 beta. Older versions do work on situations like these:
jQuery('<script type="text/javascript">alert("a")</script>').appendTo('body')
jQuery('<div><script type="text/javascript">alert("a")</script></div>').appendTo('body')
Now they never execute at all.
comment:6 Changed 4 years ago by dmethvin
I've added an updated test case that breaks with 1.3b2 to ticket #3105, which also includes an example of this bug.
comment:7 Changed 4 years ago by john
- Status changed from assigned to closed
- Resolution set to fixed
- Component changed from ajax to core
Fixed in SVN rev [6083].
Please follow the bug reporting guidlines and use jsFiddle when providing test cases and demonstrations instead of pasting the code in the ticket.