Closed Bug 486958 Opened 15 years ago Closed 15 years ago

Firefox parses </script> in a string even if it's commented (only on header section). and then javascript execution broken. the following code appears in the web page.

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 32618

People

(Reporter: ace.of.zerosync, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.7) Gecko/2009022800 SUSE/3.0.7-1.1.6 Firefox/3.0.7
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.7) Gecko/2009022800 SUSE/3.0.7-1.1.6 Firefox/3.0.7

I've done a web page like this to open a popup containing a flvplayer.

**************************************************
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Test</title>



<script language="javascript">

<!--

function writeFLV(movie) {

	var prn = window.open('', 'prn', 'width=720, height=480, toolbar=0, location=0, status=0, menubar=0, scrollbars=0, resizable=0');



	var txt = new String(

						 "<div id=\"" + movie + "\">"

						 + "<script language=\"javascript\">"

						 + "var movie = '" + movie + "';"

						 + "var fo = new SWFObject('flvplayer.swf', movie, '720', '480', '9', '#000000');"

						 + "fo.useExpressInstall('expressinstall.swf');"

						 + "fo.setAttribute('xiRedirectUrl', 'http://www.babaei.net/');"

						 + "fo.addVariable(\"config\", \"{videoFile: 'movies/\" + movie + \".flv' ,controlBarGloss: 'high', controlsOverVideo: 'ease', showFullScreenButton: false, showMenu: false, autoPlay: true, autoBuffering:true}\");"

						 + "fo.write(movie);"

						 + "</script>");



	var hStart = new String('<html><head><title></title><script language="javascript" src="swfobject.js"></script></head><body topmargin="0" rightmargin="0" bottommargin="0" leftmargin="0" style="margin: 0; background: #000">');

	var hStop = new String("</body></html>");

	

	with(prn.document) {

		open();

		write(hStart + txt + hStop);

		close();

	}

}

// -->

</script>

</head>



<body>



<a href="javascript:writeFLV('babaei');" title="Click to play the video in new window"><img src="flvplayer.png" title="Click to play the video in new window" alt="Click to play the video in new window" /></a>



</div>

</body>

</html>

*******************************************

I've tested it on Mac OS X Leopard (with Firefox 3.0.8, Safari, Opera), openSUSE 11.1 and Gentoo (Firefox 3.0.7, Konqueror, Opera),  and Windows XP x86 (Firefox 3.0.8, IE 6.0, Opera) and only Firefox broken.
If I remove <!-- and // --> in <script></script> section Firefox + all the other browsers broken. But with them (HTML Comments) only Firefox broken.

When I open error Console it says:
"""unterminated string literal (Line: 21)"""

and if I click on the error message the Page Source appears and colorize the </script> in the last line of txt variable as the end of script.
*************************************
	var txt = new String(

						 "<div id=\"" + movie + "\">"

						 + "<script language=\"javascript\">"

						 + "var movie = '" + movie + "';"

						 + "var fo = new SWFObject('flvplayer.swf', movie, '720', '480', '9', '#000000');"

						 + "fo.useExpressInstall('expressinstall.swf');"

						 + "fo.setAttribute('xiRedirectUrl', 'http://www.babaei.net/');"

						 + "fo.addVariable(\"config\", \"{videoFile: 'movies/\" + movie + \".flv' ,controlBarGloss: 'high', controlsOverVideo: 'ease', showFullScreenButton: false, showMenu: false, autoPlay: true, autoBuffering:true}\");"

						 + "fo.write(movie);"

						 + "</script>");  // it's colorized
*************************************

If I comment the code with /* */ or // again Firefox see it as the end of <script> section.

*************************************
/*
	var txt = new String(

						 "<div id=\"" + movie + "\">"

						 + "<script language=\"javascript\">"

						 + "var movie = '" + movie + "';"

						 + "var fo = new SWFObject('flvplayer.swf', movie, '720', '480', '9', '#000000');"

						 + "fo.useExpressInstall('expressinstall.swf');"

						 + "fo.setAttribute('xiRedirectUrl', 'http://www.babaei.net/');"

						 + "fo.addVariable(\"config\", \"{videoFile: 'movies/\" + movie + \".flv' ,controlBarGloss: 'high', controlsOverVideo: 'ease', showFullScreenButton: false, showMenu: false, autoPlay: true, autoBuffering:true}\");"

						 + "fo.write(movie);"

						 + "</script>"); // it's colorized
*/

// or "</script>"
// it's colorized
*************************************

from "); after </script> untile the end appears in the webpage as text contents.


The only way I have is to place the JavaScript code in to the externeal file and call the only function I have from there.

Reproducible: Always
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.