Opened 13 years ago
Closed 11 years ago
#6558 closed bug (invalid)
appendTo allows script tags to leak into the DOM
Reported by: | arn_o | Owned by: | |
---|---|---|---|
Priority: | low | Milestone: | 1.next |
Component: | manipulation | Version: | 1.4.4 |
Keywords: | append appendto head script | Cc: | |
Blocked by: | Blocking: |
Description
In firefox 3.6.3 when I use
$('head').append('<script type="text/javascript" src="/src.js"></script>');
The script is loaded correctly but I can't retrieve this freshly added <script> tag in the list when I ask for it:
jsList = $("head > script[src][type='text/javascript']");
However I can retrieve it if I add it this way:
$('<script type="text/javascript" src="/src.js"></script>').appendTo('head');
or this way:
var e = document.createElement("script"); e.src = '/src.js'; e.type="text/javascript"; head.appendChild(e);
Shouldn't those three ways of adding a <script> tag to the <head> behave the same way ?
Change History (6)
comment:1 Changed 13 years ago by
Milestone: | 1.4.3 |
---|
comment:2 Changed 13 years ago by
Milestone: | → 1.4.5 |
---|---|
Priority: | → low |
Status: | new → open |
Summary: | different behaviour between $('head').append('<script ...') and $('<script...').appendTo('head') → appendTo allows script tags to leak into the DOM |
Version: | 1.4.2 → 1.4.4 |
appendTo
should not be appending the script tag.
comment:4 Changed 12 years ago by
This has to do with how jQuery executes script tags - we remove script tags that we execute in order to not run them again, we need to the same here for the $("script").appendTo() case. Confirmed in triage.
comment:5 Changed 12 years ago by
I cannot reproduce this with 1.7.1 or jquery-git. Was it fixed somewhere along the line?
comment:6 Changed 11 years ago by
Resolution: | → invalid |
---|---|
Status: | open → closed |
It may have been fixed but since there have been no recent reports/confirmations and there wasn't a test case I'll mark it invalid.
Resetting milestone to future.