Opened 13 years ago
Closed 11 years ago
#6558 closed bug (invalid)
appendTo allows script tags to leak into the DOM
| Reported by: | arn_o | Owned by: | |
|---|---|---|---|
| Priority: | low | Milestone: | 1.next |
| Component: | manipulation | Version: | 1.4.4 |
| Keywords: | append appendto head script | Cc: | |
| Blocked by: | Blocking: |
Description
In firefox 3.6.3 when I use
$('head').append('<script type="text/javascript" src="/src.js"></script>');
The script is loaded correctly but I can't retrieve this freshly added <script> tag in the list when I ask for it:
jsList = $("head > script[src][type='text/javascript']");
However I can retrieve it if I add it this way:
$('<script type="text/javascript" src="/src.js"></script>').appendTo('head');
or this way:
var e = document.createElement("script"); e.src = '/src.js'; e.type="text/javascript"; head.appendChild(e);
Shouldn't those three ways of adding a <script> tag to the <head> behave the same way ?
Change History (6)
comment:1 Changed 13 years ago by
| Milestone: | 1.4.3 |
|---|
comment:2 Changed 13 years ago by
| Milestone: | → 1.4.5 |
|---|---|
| Priority: | → low |
| Status: | new → open |
| Summary: | different behaviour between $('head').append('<script ...') and $('<script...').appendTo('head') → appendTo allows script tags to leak into the DOM |
| Version: | 1.4.2 → 1.4.4 |
appendTo should not be appending the script tag.
comment:4 Changed 12 years ago by
This has to do with how jQuery executes script tags - we remove script tags that we execute in order to not run them again, we need to the same here for the $("script").appendTo() case. Confirmed in triage.
comment:5 Changed 12 years ago by
I cannot reproduce this with 1.7.1 or jquery-git. Was it fixed somewhere along the line?
comment:6 Changed 11 years ago by
| Resolution: | → invalid |
|---|---|
| Status: | open → closed |
It may have been fixed but since there have been no recent reports/confirmations and there wasn't a test case I'll mark it invalid.
Resetting milestone to future.