Bug Tracker

Opened 13 years ago

Closed 11 years ago

#6558 closed bug (invalid)

appendTo allows script tags to leak into the DOM

Reported by: arn_o Owned by:
Priority: low Milestone: 1.next
Component: manipulation Version: 1.4.4
Keywords: append appendto head script Cc:
Blocked by: Blocking:


In firefox 3.6.3 when I use

$('head').append('<script type="text/javascript" src="/src.js"></script>');

The script is loaded correctly but I can't retrieve this freshly added <script> tag in the list when I ask for it:

jsList = $("head > script[src][type='text/javascript']");

However I can retrieve it if I add it this way:

$('<script type="text/javascript" src="/src.js"></script>').appendTo('head');

or this way:

var e = document.createElement("script"); e.src = '/src.js'; e.type="text/javascript"; head.appendChild(e);

Shouldn't those three ways of adding a <script> tag to the <head> behave the same way ?

Change History (6)

comment:1 Changed 13 years ago by snover

Milestone: 1.4.3

Resetting milestone to future.

comment:2 Changed 13 years ago by snover

Milestone: 1.4.5
Priority: low
Status: newopen
Summary: different behaviour between $('head').append('<script ...') and $('<script...').appendTo('head')appendTo allows script tags to leak into the DOM

appendTo should not be appending the script tag.

comment:3 Changed 12 years ago by john

#7626 is a duplicate of this ticket.

comment:4 Changed 12 years ago by john

This has to do with how jQuery executes script tags - we remove script tags that we execute in order to not run them again, we need to the same here for the $("script").appendTo() case. Confirmed in triage.

comment:5 Changed 12 years ago by gibson042

I cannot reproduce this with 1.7.1 or jquery-git. Was it fixed somewhere along the line?

comment:6 Changed 11 years ago by dmethvin

Resolution: invalid
Status: openclosed

It may have been fixed but since there have been no recent reports/confirmations and there wasn't a test case I'll mark it invalid.

Note: See TracTickets for help on using tickets.