jQuery html member method malfunctions when using IE7/8/9 in high security settings

[gearoid.p.murphy@…]

To reproduce: Use IE 7/8/9 in High security mode for the Internet zone. Load the attached html file. You should be prompted with a warning about running the scripts on the page. Allow them to run and click the button on the page. This button invokes javascript which adds in another button and a select element. Click the newly created button to test that the javascript has loaded OK, it should pop up an alert. If you examine the attached html file, you'll see that I use the javascript "innerHTML" instead of the jQuery "html" method to do this. The jQuery "html" method adds in the content OK but the javascript does not execute. Stranger still, if you remote the option tag from the select element in the dynamic html content, the problem goes away. I wish I could provide a more concise example but unfortunately this is the best I can do.

[gearoid.p.murphy@…]

Hmmm, I can't seem to attach a file, I'll just paste it in here:

<html>

<head>

<script type="text/javascript" src="​http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.js"></script> <script>

function dynamicContent() {

var data = '<div><select> <option>Option Entry</option> </select> <input type="button" value="Test dynamic content alert" onclick="Javascript:alert(\'content loaded successfully\')"></div>' ;

document.getElementById("ajaxPanel").innerHTML = data ; /* this works */

/*$("#ajaxPanel").html(data); this doesn't */

}

</script>

</head> <body>

<input type="button" value="Invoke dynamic content..." onclick="javascript:dynamicContent()"> <div id="ajaxPanel"> </div>

</body>

</html>

[timmywil]

IE is pretty insane with its security modes sometimes. I don't think this is something we can fix reliably as we don't have control over what IE decides is insecure. Besides, innerHTML does not seem to work for me either in the highest security mode: ​http://jsfiddle.net/4GVUm/3/