innerHTML does not escape "</script>" inside a script

RESOLVED INVALID

Status

()

Core
DOM
RESOLVED INVALID
12 years ago
5 years ago

People

(Reporter: Jesse Ruderman, Unassigned)

Tracking

({testcase})

Trunk
PowerPC
Mac OS X
testcase
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

12 years ago
Steps to reproduce: 
1. Load the testcase, which uses DOM 2 Core to create a script node containing a text node containing the text "</script>".

Result:
  <script>j = "foo</script>bar"</script>

Expected:
  ???

I don't know what the correct innerHTML is.  http://www.w3.org/TR/html401/appendix/notes.html#notes-specifying-data isn't much help.
(Reporter)

Comment 1

12 years ago
Created attachment 240448 [details]
testcase
(Reporter)

Updated

12 years ago
Attachment #240448 - Attachment description: testcasce → testcase
(Reporter)

Comment 2

12 years ago
http://whatwg.org/specs/web-apps/current-work/#dynamic isn't much help either; it seems to claim that this behavior is correct.
This behaviour is correct. A script that sets a CDATA element's text node to contain the string "</" is invalid.
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → INVALID
Component: DOM: Mozilla Extensions → DOM
Product: Core → Core
You need to log in before you can comment on or make changes to this bug.