Closed Bug 100924 Opened 23 years ago Closed 13 years ago

META HTTP-Equiv Content-Script-Type does not set default scripting language for inline scripting

Categories

(Core :: DOM: Core & HTML, defect, P4)

defect

Tracking

()

VERIFIED INVALID

People

(Reporter: zooplah, Unassigned)

References

Details

(Keywords: html4, testcase)

Attachments

(2 files, 1 obsolete file)

From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:0.9.4+) Gecko/20010919 BuildID: 2001091903 Content-Script-Type does not set the defualt scripting language, as specified in HTML 4. Since VBScipt is unsupported in Mozilla the OnClick event in the following example should be ignored in accordance with the HTML 4.01 Specification chapter 18.2.2. Reproducible: Always Steps to Reproduce: 1. Copy Example into new HTML Document. 2. Open new Document in Mozilla. 3. Click on SPAN tag. Actual Results: Mozilla jumps to Mozilla.org. Expected Results: Mozilla should ignore the OnClick event because the default scripting language is not supported. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html/loose.dtd"> <HTML lang="en-US"> <HEAD> <TITLE>Test 1</TITLE> <META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <META http-equiv="Content-Script-Type" content="text/vbscript"> </HEAD> <BODY> <SPAN onclick='location.href="http://www.mozilla.org"'>Go to Mozilla.org</A> </BODY> </HTML>
Status: UNCONFIRMED → NEW
Ever confirmed: true
Reporter: do you have access to a webserver that sends the real Content-Script-Type HTTP header? Does that work?
Keywords: testcase
OS: Windows ME → All
With my personal webserver I added 'Content-Script-Type: text/vbscript' to the headers and sent it Mozilla, the result was the same as with the META tag, the scripting was not ignored.
Even if the real Content-Script-Type HTTP header did work, the HTML 4.01 Specification states the Content-Script-Type META element takes precedence over the HTTP header; hence, by only supporting the header, Mozilla would still be in violation of the standard. Also, the similar Content-Style-Type META element for setting the default styling languages does work.
QA Contact: bsharma → moied
Priority: -- → P3
Target Milestone: --- → mozilla1.0
Yuck. It doesn't look like this was ever implemented, except for a mention in nsHTMLAtomList.h. Tenatively sending this to DOM Core; whoever receives it, please reassign promptly if it isn't yours, this is a rather serious issue.
Assignee: harishd → jst
Component: Parser → DOM Core
QA Contact: moied → stummala
Bugs targeted at mozilla1.0 without the mozilla1.0 keyword moved to mozilla1.0.1 (you can query for this string to delete spam or retrieve the list of bugs I've moved)
Target Milestone: mozilla1.0 → mozilla1.0.1
Need more info for this one. Is it widely used? Are there any real-world sites affected by this? Given that the fix is quite involved (from what I saw in LXR), putting P4 and severity to normal. If you disagree please speak up and we will reconsider.
Severity: major → normal
Priority: P3 → P4
This isn't used much yet; however it is in the HTML 4 standard, hence it is a major omission.
Target Milestone: mozilla1.0.1 → ---
reference from the spec http://www.w3.org/TR/html401/interact/scripts.html#h-18.2.2 I think I have a patch for this.
Attached patch proof-of-concept patch (obsolete) — Splinter Review
This really shouldnt be all that difficult. Something like the above patch should work. Right? Or am I missing something?
Comment on attachment 109128 [details] [diff] [review] proof-of-concept patch jst, can you please look at this and let me know if this makes sense at all.
Attachment #109128 - Flags: review?(jst)
Comment on attachment 109128 [details] [diff] [review] proof-of-concept patch This has some more issues. Removing review request.
Attachment #109128 - Attachment is obsolete: true
Attachment #109128 - Flags: review?(jst)
Mass-reassigning bugs to dom_bugs@netscape.com
Assignee: jst → dom_bugs
Brendan: We probably want to implement this for being able to use E4X in event handler attributes.
QA Contact: stummala → ian
Clear Methods needs/wants to make Water (www.waterlanguage.org) an alternative client-side language. Until this bug is fixed, we won't be able to make Water work with Mozilla/FireFox, which limits innovation in client-side languages that work with XHTML. Internet Explorer correctly implements Content-Script-Type which allows IE to support other scripting languages. I would like to offer $1,000.00 USD to have this bug/feature fixed. Please contact me if you are interested in helping me fix this bug. I am interested in finding others who also need to support client-side languages other than JavaScript, so we can raise the priority of this bug being fixed.
Component: DOM: Core → DOM: Core & HTML
QA Contact: ian → general
This problem still exists in Firefox 9. Is there an updated patch? However, I am not sure this is part of HTML5. I could not find it in the list of defined http-equiv constants (but content-style-type is also not there). And also the <script> element "type" attribute specifies: 'The default, which is used if the attribute is absent, is "text/javascript".'. Yes, the testcase does not use <script>, but it may be relevant.
Keywords: html4
HTML5 doesn't allow placing Content-Script-Type in the header.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
Then how is the script language determined in the example?
It's always JavaScript. http://dev.w3.org/html5/spec-author-view/webappapis.html#event-handler-content-attributes > Event handler content attributes, when specified, must contain valid JavaScript code which, when parsed, would match the FunctionBody production after automatic semicolon insertion. [ECMA262]
Exactly.
Assignee: general → nobody
Status: RESOLVED → VERIFIED
Flags: in-testsuite?
Hardware: x86 → All
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: