Skip to main content

Bug Tracker

Side navigation

#3733 closed bug (fixed)

Opened December 21, 2008 02:19PM UTC

Closed January 11, 2009 09:23PM UTC

.load() executes and destroy's <script> tags

Reported by: dante Owned by: flesler
Priority: minor Milestone: 1.3
Component: core Version: 1.2.6
Keywords: Cc: dante
Blocked by: Blocking:
Description

The expected behavior across all browsers is to not execute

<script>
tags with an unknown type="" attribute. jQuery is aggressively locating script tags in xhr content, executing them, and removing them from the DOM, despite what their type="" is. It is expected that the absence of a type indicates javascript (or has been the 'norm' all this time) but an invalid type has never executed.

 <script type="not/javascript"> 
should not execute as javascript. Just as
 <script type="text/javascirpt"> 
wouldn't run (spelling intentional)

This seems trivial nuance, but affects interoperability between Dojo and jQuery, again in trivial ways. Dojo has a "rapid prototype" technique that allows you to inherit functions from directly within a instance declaration:

<div dojoType="Thinger"><script type='dojo/method' event='onChange'>...</script></div> 

When this content is loaded by standard xhr, the script is ignored. When loaded via .load(), jQuery executes and block, and removes the script, disallowing the widget it is meant to override from having access to it to bind the connections.

I'm happy with a wontfix here, provided we acknowledge the issue and document the quirk regarding the two libs. I would prefer to see jQuery only look for text/javascript or null type attribute, as the browsers do.

Test attached. break small <div> out to external html and load. Happy to do a patch if interested.

Attachments (2)
  • bug-3733.patch (0.6 KB) - added by mjuad December 24, 2008 10:18PM UTC.

    Fix for this bug.

  • jq-ajax-script.html (0.7 KB) - added by dante December 21, 2008 02:20PM UTC.
Change History (9)

Changed December 23, 2008 08:44PM UTC by dmethvin comment:1

cc: → dante
owner: → dmethvin
status: newassigned

So to summarize the request: If a <script> has no type attribute or a type of "text/javascript" jQuery should execute and remove it; otherwise it should leave the script tag and content in situ.

IE allows script languages other than Javascript; since jQuery.globalEval forces the type to "text/javascript" we're doing the wrong thing for those anyway.

Changed December 23, 2008 08:44PM UTC by dmethvin comment:2

owner: dmethvinflesler
status: assignednew

Changed December 24, 2008 10:19PM UTC by mjuad comment:3

I have created a patch that fixes this bug, see attachment bug-3733.patch - It simply checks for no type or type=text/javascript before adding for globalEval & removing from the DOM.

Changed December 25, 2008 10:21PM UTC by flesler comment:4

I suppose something is wrong with 1.3 beta.

Older versions do work on situations like these:

jQuery('<script type="text/javascript">alert("a")</script>').appendTo('body')
jQuery('<div><script type="text/javascript">alert("a")</script></div>').appendTo('body')

Now they never execute at all.

Changed December 25, 2008 10:25PM UTC by flesler comment:5

status: newassigned

Changed January 08, 2009 03:02AM UTC by dmethvin comment:6

I've added an updated test case that breaks with 1.3b2 to ticket #3105, which also includes an example of this bug.

Changed January 11, 2009 07:33PM UTC by john comment:7

component: ajaxcore
resolution: → fixed
status: assignedclosed

Fixed in SVN rev [6083].

Changed January 11, 2009 08:07PM UTC by cloudream comment:8

resolution: fixed
status: closedreopened

need jQuery( "script", elem ).type.toLowerCase() for non-FF browsers.

I know "text/JavaScript" is wrong, but lots of people write this.

Changed January 11, 2009 09:23PM UTC by john comment:9

resolution: → fixed
status: reopenedclosed

Thanks cloudream, landed in [6085].