Side navigation
#7168 closed bug (wontfix)
Opened October 13, 2010 01:30AM UTC
Closed October 14, 2010 12:46PM UTC
globalEval assumes JavaScript is being evaluated
| Reported by: | ScottyH | Owned by: | ScottyH |
|---|---|---|---|
| Priority: | undecided | Milestone: | 1.4.3 |
| Component: | unfiled | Version: | 1.4.2 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
globalEval assumes that the data argument contains JavaScript. In some (obscure) cases, globalEval may be called when attempting to evaluate a VBScript node through a dom manipulation call (e.g. append()).
I'm not even sure it's worth the added file size to do this check and change the script node's type, but it seems worth mentioning.
Attachments (0)
Change History (5)
Changed October 13, 2010 01:32AM UTC by comment:1
| owner: | → ScottyH |
|---|---|
| status: | new → pending |
Changed October 13, 2010 01:49AM UTC by comment:2
| status: | pending → new |
|---|
Changed October 13, 2010 01:49AM UTC by comment:3
The problem is on line 4493 of 1.4.2. Specifically this expression, in the if condition:
!ret[i].type
The VBScript node could decide not to use the type attribute, and instead use language="VBScript".
(Trying to figure out how to attach an example)
Changed October 13, 2010 01:50AM UTC by comment:4
| _comment0: | <html> \ <head> \ <title></title> \ </head> \ <body> \ <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js"></script> \ <script type="text/javascript"> \ var vbdetect = '<scr' + 'ipt language="VBScript">\\n'; \ vbdetect += "on error resume next\\n"; \ vbdetect += 'If Not(IsObject(CreateObject("ShockwaveFlash.ShockwaveFlash.5"))) Then\\n'; \ vbdetect += "Else\\n"; \ vbdetect += "hasFlash = true\\n"; \ vbdetect += "End If\\n"; \ vbdetect += '</scr' + 'ipt>\\n'; \ \ $("head").append(vbdetect); \ </script> \ </body> \ </html> → 1286934782539844 |
|---|
<html>
<head>
<title></title>
</head>
<body>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js"></script>
<script type="text/javascript">
var vbdetect = '<scr' + 'ipt language="VBScript">\\n';
vbdetect += "on error resume next\\n";
vbdetect += 'If Not(IsObject(CreateObject("ShockwaveFlash.ShockwaveFlash.5"))) Then\\n';
vbdetect += "Else\\n";
vbdetect += "hasFlash = true\\n";
vbdetect += "End If\\n";
vbdetect += '</scr' + 'ipt>\\n';
$("head").append(vbdetect);
</script>
</body>
</html>
Changed October 14, 2010 12:46PM UTC by comment:5
| resolution: | → wontfix |
|---|---|
| status: | new → closed |
Since VBScript is only supported by IE, there wouldn't be much benefit to supporting it through jQuery where we're struggling mightily to make things work across browsers. For a situation like this you can rewrite the snippet in Javascript or forego jQuery and evaluate the code with an IE-specific function.
Are you sure? Every place I see in jQuery that calls globalEval does so only if the script type contains the word “javascript”. Please provide a test case.