Side navigation
#13074 closed bug (notabug)
Opened December 18, 2012 04:29PM UTC
Closed December 18, 2012 05:06PM UTC
Last modified December 18, 2012 05:34PM UTC
html("<div onclick='xyz'>x</div>") call with event on server Internet Explorer causes security error
| Reported by: | jiongmai@gmail.com | Owned by: | |
|---|---|---|---|
| Priority: | undecided | Milestone: | None |
| Component: | unfiled | Version: | 1.8.3 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
When I run $("#Item").html("<div onclick='xyz'>x</div>") it causes a popup error
Content from the website listed below is being blocked by the Internet Explorer Enhanced Security Configuration.
about:blank
It offers to add about:blank to the Trusted sites zone. If added, the error no longer appears.
This error does not cause the script to fail. The script resumes and works perfectly, and the error doesn't appear even if ran again until next page reload.
I have tested this on a server 2003 IE8 and server 2008 IE9 and they both show this behavior. This appears to affect older versions of jquery as well.
Attachments (0)
Change History (5)
Changed December 18, 2012 04:57PM UTC by comment:1
Changed December 18, 2012 05:06PM UTC by comment:2
| resolution: | → notabug |
|---|---|
| status: | new → closed |
Hey there little <div>, what are you doing in a <tbody>? You are NOT supposed to be there! And what about you <tbody>, you aren't even in a <table>! Go find a <table>, silly <tbody>.
Changed December 18, 2012 05:23PM UTC by comment:3
Since you put it that way, updated code to be a bit more compliant. Still a bug.
Changed December 18, 2012 05:30PM UTC by comment:4
My example worked fine in both IE8 and IE9. Please take it to the forum and debug it there.
Changed December 18, 2012 05:34PM UTC by comment:5
Also I should add that in general, inline event handlers are on jQuery's wontfix list since they are a security risk and extremely bad practice.
Here is an example code -- http://jsfiddle.net/2BBq6/