Bug Tracker

Opened 9 years ago

Closed 8 years ago

Last modified 8 years ago

#6765 closed bug (duplicate)

jQuery strips non type='text/javscript' script tags when cleaning fragments

Reported by: johnferin Owned by: johnferin
Priority: high Milestone: 1.next
Component: manipulation Version: 1.5
Keywords: cleaning, escaping Cc:
Blocked by: Blocking:

Description

On Line 4498

ret.splice.apply( ret, [i + 1, 0].concat(jQuery.makeArray(ret[i].getElementsByTagName("script"))) );

This will strip <script type='text/html'> tags.

An ugly solution for this is

ret.splice.apply( ret, [i + 1, 0].concat(jQuery.makeArray(ret[i].getElementsByTagName("script")).filter(function(i,n){ return i.type.toLowerCase() == 'text/javascript'})) );

Change History (6)

comment:1 Changed 9 years ago by SlexAxton

Component: coremanipulation
Milestone: 1.4.31.5
Owner: set to johnferin
Priority: low
Status: newpending

I'd love a jsfiddle reduced test case on this so i can push it forward. Thanks!

comment:2 Changed 9 years ago by trac-o-bot

Status: pendingclosed

Automatically closed due to 14 days of inactivity.

comment:3 Changed 8 years ago by anonymous

There are more common MIME types for JavaScript: application/ecmascript, text/jscript, etc. [1][2] Also they can contain version identifiers: application/javascript;version=1.7 [3].

[1] http://msdn.microsoft.com/en-us/library/ms534701%28v=vs.85%29.aspx [2] https://developer.mozilla.org/En/HTML/Element/Script [3] https://developer.mozilla.org/en/new_in_javascript_1.7

comment:4 Changed 8 years ago by jitter

Milestone: 1.51.next
Status: closedreopened
Version: 1.4.21.5

comment:5 Changed 8 years ago by jitter

Priority: lowhigh
Resolution: duplicate
Status: reopenedclosed

comment:6 Changed 8 years ago by jitter

Duplicate of #6180.

Note: See TracTickets for help on using tickets.