Skip to main content

Bug Tracker

Side navigation

#13634 closed bug (duplicate)

Opened March 20, 2013 08:43AM UTC

Closed March 20, 2013 12:04PM UTC

html(str) shouldn't try so hard to insert script tags - especially in iframes

Reported by: Owned by:
Priority: undecided Milestone: None
Component: unfiled Version: 1.9.1
Keywords: Cc:
Blocked by: Blocking:

I've been bitten by this behaviour two times :

  • one doing server-side scripting using jsdom, resulting in having foreign script tags executed in an environment they shouldn't have been,
  • one doing $(mySandboxedIframeContentDocument).html(str), jquery is inserting the <script> in str in the current window when i am trying hard at inserting html safely in a sandboxed iframe.

Shouldn't we at least have a global option to disable this script insertion ?

Attachments (0)
Change History (1)

Changed March 20, 2013 12:04PM UTC by mikesherov comment:1

resolution: → duplicate
status: newclosed

Duplicate of #11795.