Side navigation
#6558 closed bug (invalid)
Opened May 11, 2010 05:57PM UTC
Closed June 26, 2012 02:28AM UTC
appendTo allows script tags to leak into the DOM
| Reported by: | arn_o | Owned by: | |
|---|---|---|---|
| Priority: | low | Milestone: | 1.next |
| Component: | manipulation | Version: | 1.4.4 |
| Keywords: | append appendto head script | Cc: | |
| Blocked by: | Blocking: |
Description
In firefox 3.6.3 when I use
$('head').append('<script type="text/javascript" src="/src.js"></script>');
The script is loaded correctly but I can't retrieve this freshly added <script> tag in the list when I ask for it:
jsList = $("head > script[src][type='text/javascript']");
However I can retrieve it if I add it this way:
$('<script type="text/javascript" src="/src.js"></script>').appendTo('head');
or this way:
var e = document.createElement("script");
e.src = '/src.js';
e.type="text/javascript";
head.appendChild(e);
Shouldn't those three ways of adding a <script> tag to the <head> behave the same way ?
Attachments (0)
Change History (6)
Changed November 12, 2010 02:40AM UTC by comment:1
| milestone: | 1.4.3 |
|---|
Changed November 21, 2010 04:55AM UTC by comment:2
| milestone: | → 1.4.5 |
|---|---|
| priority: | → low |
| status: | new → open |
| summary: | different behaviour between $('head').append('<script ...') and $('<script...').appendTo('head') → appendTo allows script tags to leak into the DOM |
| version: | 1.4.2 → 1.4.4 |
appendTo should not be appending the script tag.
Changed July 12, 2011 07:35PM UTC by comment:4
This has to do with how jQuery executes script tags - we remove script tags that we execute in order to not run them again, we need to the same here for the $("script").appendTo() case. Confirmed in triage.
Changed February 11, 2012 03:45PM UTC by comment:5
I cannot reproduce this with 1.7.1 or jquery-git. Was it fixed somewhere along the line?
Changed June 26, 2012 02:28AM UTC by comment:6
| resolution: | → invalid |
|---|---|
| status: | open → closed |
It may have been fixed but since there have been no recent reports/confirmations and there wasn't a test case I'll mark it invalid.
Resetting milestone to future.