Closed Bug 354667 Opened 18 years ago Closed 18 years ago

innerHTML does not escape "</script>" inside a script

Categories

(Core :: DOM: Core & HTML, defect)

PowerPC
macOS
defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: jruderman, Unassigned)

Details

(Keywords: testcase)

Attachments

(1 file)

Steps to reproduce: 
1. Load the testcase, which uses DOM 2 Core to create a script node containing a text node containing the text "</script>".

Result:
  <script>j = "foo</script>bar"</script>

Expected:
  ???

I don't know what the correct innerHTML is.  http://www.w3.org/TR/html401/appendix/notes.html#notes-specifying-data isn't much help.
Attached file testcase
Attachment #240448 - Attachment description: testcasce → testcase
http://whatwg.org/specs/web-apps/current-work/#dynamic isn't much help either; it seems to claim that this behavior is correct.
This behaviour is correct. A script that sets a CDATA element's text node to contain the string "</" is invalid.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
Component: DOM: Mozilla Extensions → DOM
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: