Opened 5 years ago
Closed 5 years ago
#13634 closed bug (duplicate)
html(str) shouldn't try so hard to insert script tags - especially in iframes
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | undecided | Milestone: | None |
| Component: | unfiled | Version: | 1.9.1 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
I've been bitten by this behaviour two times :
- one doing server-side scripting using jsdom, resulting in having foreign script tags executed in an environment they shouldn't have been,
- one doing $(mySandboxedIframeContentDocument).html(str), jquery is inserting the <script> in str in the current window when i am trying hard at inserting html safely in a sandboxed iframe.
Shouldn't we at least have a global option to disable this script insertion ?
Note: See
TracTickets for help on using
tickets.
Duplicate of #11795.