Ticket #6765 (closed bug: duplicate)
jQuery strips non type='text/javscript' script tags when cleaning fragments
| Reported by: | johnferin | Owned by: | johnferin |
|---|---|---|---|
| Priority: | high | Milestone: | 1.next |
| Component: | manipulation | Version: | 1.5 |
| Keywords: | cleaning, escaping | Cc: | |
| Blocking: | Blocked by: |
Description
On Line 4498
ret.splice.apply( ret, [i + 1, 0].concat(jQuery.makeArray(ret[i].getElementsByTagName("script"))) );
This will strip <script type='text/html'> tags.
An ugly solution for this is
ret.splice.apply( ret, [i + 1, 0].concat(jQuery.makeArray(ret[i].getElementsByTagName("script")).filter(function(i,n){ return i.type.toLowerCase() == 'text/javascript'})) );
Change History
comment:1 Changed 3 years ago by SlexAxton
- Owner set to johnferin
- Priority set to low
- Status changed from new to pending
- Component changed from core to manipulation
- Milestone changed from 1.4.3 to 1.5
comment:2 Changed 3 years ago by trac-o-bot
- Status changed from pending to closed
Automatically closed due to 14 days of inactivity.
comment:3 Changed 2 years ago by anonymous
There are more common MIME types for JavaScript: application/ecmascript, text/jscript, etc. [1][2] Also they can contain version identifiers: application/javascript;version=1.7 [3].
[1] http://msdn.microsoft.com/en-us/library/ms534701%28v=vs.85%29.aspx [2] https://developer.mozilla.org/En/HTML/Element/Script [3] https://developer.mozilla.org/en/new_in_javascript_1.7
comment:4 Changed 2 years ago by jitter
- Status changed from closed to reopened
- Version changed from 1.4.2 to 1.5
- Milestone changed from 1.5 to 1.next
Please follow the bug reporting guidlines and use jsFiddle when providing test cases and demonstrations instead of pasting the code in the ticket.
I'd love a jsfiddle reduced test case on this so i can push it forward. Thanks!