Bug Tracker

Opened 6 years ago

Closed 6 years ago

#13634 closed bug (duplicate)

html(str) shouldn't try so hard to insert script tags - especially in iframes

Reported by: kapouer@…
Owned by:
Priority: undecided
Milestone: None
Component: unfiled
Version: 1.9.1
Keywords:
Cc:
Blocked by:
Blocking:

Description

I've been bitten by this behaviour two times:

  • one doing server-side scripting using jsdom, resulting in having foreign script tags executed in an environment they shouldn't have been,
  • one doing $(mySandboxedIframeContentDocument).html(str), jQuery is inserting the <script> in str in the current window when I am trying hard at inserting html safely in a sandboxed iframe.

Shouldn't we at least have a global option to disable this script insertion?

Change History (1)

comment:1 Changed 6 years ago by mikesherov

Resolution: duplicate
Status: new → closed

Duplicate of #11795.
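
For the sandboxed-iframe case in the description, an added example (not part of this ticket and not jQuery code) of inserting markup with plain DOM calls on the target document, so that no library code sees the `<script>` elements in `str`. The function name `setInertHtml` and its parameters are hypothetical, and it assumes the iframe's `sandbox` attribute omits `allow-scripts`, because inline event-handler attributes are left in the markup.

```javascript
// Added example: hypothetical helper, not a jQuery API.
// targetDoc : the document the markup must end up in
//             (e.g. the sandboxed iframe's contentDocument)
// container : an element that already lives in targetDoc
// html      : untrusted markup string
// Returns a list describing every <script> that was dropped, for logging.
function setInertHtml(targetDoc, container, html) {
  // A document made by createHTMLDocument() has no browsing context, so
  // scripting is disabled in it: <script> elements parsed here never run.
  const scratch = targetDoc.implementation.createHTMLDocument('');
  scratch.body.innerHTML = String(html);

  // Remove <script> elements outright so that no later DOM manipulation
  // (by a library or by other code) can pick them up and evaluate them.
  const removed = [];
  for (const s of Array.from(scratch.querySelectorAll('script'))) {
    removed.push(s.getAttribute('src') || '(inline)');
    s.parentNode.removeChild(s);
  }

  // Empty the container, then copy the remaining nodes into targetDoc.
  // importNode() clones into the target document; the current window's
  // document is never involved.
  while (container.firstChild) {
    container.removeChild(container.firstChild);
  }
  for (const node of Array.from(scratch.body.childNodes)) {
    container.appendChild(targetDoc.importNode(node, true));
  }

  // Caveat: attributes such as onerror/onclick are NOT stripped here.
  // Assumption: the frame is sandboxed without allow-scripts, so they
  // cannot execute. Without that sandbox, run a real HTML sanitizer first.
  return removed;
}
```

In a browser this would be called as `setInertHtml(iframe.contentDocument, iframe.contentDocument.body, str)`, where `iframe` is the sandboxed frame element.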
