Closed
Bug 100924
Opened 23 years ago
Closed 13 years ago
META HTTP-Equiv Content-Script-Type does not set default scripting language for inline scripting
Categories
(Core :: DOM: Core & HTML, defect, P4)
Core
DOM: Core & HTML
Tracking
()
VERIFIED
INVALID
People
(Reporter: zooplah, Unassigned)
References
Details
(Keywords: html4, testcase)
Attachments
(2 files, 1 obsolete file)
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:0.9.4+) Gecko/20010919
BuildID: 2001091903
Content-Script-Type does not set the defualt scripting language, as specified in
HTML 4. Since VBScipt is unsupported in Mozilla the OnClick event in the
following example should be ignored in accordance with the HTML 4.01
Specification chapter 18.2.2.
Reproducible: Always
Steps to Reproduce:
1. Copy Example into new HTML Document.
2. Open new Document in Mozilla.
3. Click on SPAN tag.
Actual Results: Mozilla jumps to Mozilla.org.
Expected Results: Mozilla should ignore the OnClick event because the default
scripting language is not supported.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html/loose.dtd">
<HTML lang="en-US">
<HEAD>
<TITLE>Test 1</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<META http-equiv="Content-Script-Type" content="text/vbscript">
</HEAD>
<BODY>
<SPAN onclick='location.href="http://www.mozilla.org"'>Go to Mozilla.org</A>
</BODY>
</HTML>
|
||
Updated•23 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Comment 1•23 years ago
|
||
|
|
||
Comment 2•23 years ago
|
||
Reporter: do you have access to a webserver that sends the real
Content-Script-Type HTTP header? Does that work?
Keywords: testcase
OS: Windows ME → All
|
||
Comment 3•23 years ago
|
||
With my personal webserver I added 'Content-Script-Type: text/vbscript' to the
headers and sent it Mozilla, the result was the same as with the META tag, the
scripting was not ignored.
|
Reporter | |
Comment 4•23 years ago
|
||
Even if the real Content-Script-Type HTTP header did work, the HTML 4.01
Specification states the Content-Script-Type META element takes precedence over
the HTTP header; hence, by only supporting the header, Mozilla would still be in
violation of the standard.
Also, the similar Content-Style-Type META element for setting the default
styling languages does work.
|
|
Reporter | |
Comment 5•23 years ago
|
||
|
|
||
Comment 6•23 years ago
|
||
Yuck. It doesn't look like this was ever implemented, except for a mention in
nsHTMLAtomList.h. Tenatively sending this to DOM Core; whoever receives it,
please reassign promptly if it isn't yours, this is a rather serious issue.
Assignee: harishd → jst
Component: Parser → DOM Core
QA Contact: moied → stummala
|
||
Comment 7•23 years ago
|
||
Bugs targeted at mozilla1.0 without the mozilla1.0 keyword moved to mozilla1.0.1
(you can query for this string to delete spam or retrieve the list of bugs I've
moved)
Target Milestone: mozilla1.0 → mozilla1.0.1
|
||
Comment 8•23 years ago
|
||
Need more info for this one. Is it widely used? Are there any real-world sites
affected by this? Given that the fix is quite involved (from what I saw in LXR),
putting P4 and severity to normal. If you disagree please speak up and we will
reconsider.
Severity: major → normal
Priority: P3 → P4
|
|
Reporter | |
Comment 9•23 years ago
|
||
This isn't used much yet; however it is in the HTML 4 standard, hence it is a
major omission.
|
||
Updated•22 years ago
|
Target Milestone: mozilla1.0.1 → ---
|
||
Comment 10•22 years ago
|
||
reference from the spec
http://www.w3.org/TR/html401/interact/scripts.html#h-18.2.2
I think I have a patch for this.
|
|
||
Comment 11•22 years ago
|
||
This really shouldnt be all that difficult. Something like the above patch
should work. Right? Or am I missing something?
|
|
||
Comment 12•22 years ago
|
||
Comment on attachment 109128 [details] [diff] [review]
proof-of-concept patch
jst, can you please look at this and let me know if this makes sense at all.
Attachment #109128 -
Flags: review?(jst)
|
|
||
Comment 13•22 years ago
|
||
Comment on attachment 109128 [details] [diff] [review]
proof-of-concept patch
This has some more issues. Removing review request.
Attachment #109128 -
Attachment is obsolete: true
Attachment #109128 -
Flags: review?(jst)
|
||
Comment 15•20 years ago
|
||
Brendan: We probably want to implement this for being able to use E4X in event
handler attributes.
QA Contact: stummala → ian
|
||
Comment 16•17 years ago
|
||
Clear Methods needs/wants to make Water (www.waterlanguage.org) an alternative
client-side language. Until this bug is fixed, we won't be able to make Water work
with Mozilla/FireFox, which limits innovation in client-side languages that work
with XHTML. Internet Explorer correctly implements Content-Script-Type which allows IE to
support other scripting languages.
I would like to offer $1,000.00 USD to have this bug/feature fixed. Please contact
me if you are interested in helping me fix this bug.
I am interested in finding others who also need to support client-side languages
other than JavaScript, so we can raise the priority of this bug being fixed.
|
|
||
Comment 18•13 years ago
|
||
This problem still exists in Firefox 9. Is there an updated patch?
However, I am not sure this is part of HTML5. I could not find it in the list of defined http-equiv constants (but content-style-type is also not there).
And also the <script> element "type" attribute specifies: 'The default, which is used if the attribute is absent, is "text/javascript".'. Yes, the testcase does not use <script>, but it may be relevant.
Keywords: html4
|
||
Comment 19•13 years ago
|
||
HTML5 doesn't allow placing Content-Script-Type in the header.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
|
|
||
Comment 20•13 years ago
|
||
Then how is the script language determined in the example?
|
|
||
Comment 21•13 years ago
|
||
It's always JavaScript.
http://dev.w3.org/html5/spec-author-view/webappapis.html#event-handler-content-attributes
> Event handler content attributes, when specified, must contain valid JavaScript code which, when parsed, would match the FunctionBody production after automatic semicolon insertion. [ECMA262]
|
||
Comment 22•13 years ago
|
||
Exactly.
Assignee: general → nobody
Status: RESOLVED → VERIFIED
Flags: in-testsuite?
Hardware: x86 → All
You need to log in
before you can comment on or make changes to this bug.
Description
•