Steps to reproduce: 1) Set html5.enable to true 2) Load http://www.dabs.com/ Actual results: A late document.write for a verisign badge blows away the document. Expected results: For Web compat, expected not to blow away the document. Additional info: This happens with and without the patch for bug 503473.
As far as I can tell, the behavior here is per spec. dabs.com includes the script https://seal.globalsign.com/SiteSeal/gs_image_100-50_en.js as a defer script and the script calls document.write(). So what are we going to do about it? Shall we assume that this is an isolated case and contact the site? Shall we hack document.write() from defer scripts into a no-op or make it throw? I'd really like to avoid making defer scripts actually write to the stream since doing that would complicate the EOF handling with the speculative HTML5 parser.
The Verisign script has ss_defer_enabled = ss_msie || ss_ff35higher; Maybe we should contact Verisign.
The site works if I spoof the UA string as Firefox/3.5.
How come it doesn't break in IE? I thought doc.write in a deferred script blew away the doc there too.
(In reply to comment #5) > How come it doesn't break in IE? I thought doc.write in a deferred script blew > away the doc there too. They sniff for IE and Firefox 3.5 or later. They take the code path that works with defer only in browsers that sniff as IE or Firefox 3.5 (and Minefield doesn't sniff as Firefox 3.5). I spoofed Minefield as Firefox/3.7.1, and the page wasn't blown away, so this issue isn't going to be visible in Firefox release builds. However, this is still a problem for other Gecko-based browsers and any other browser that tries to implement defer. I think this bug should go over to Tech Evangelism now.
Resummarizing for Tech Evangelism: The script https://seal.globalsign.com/SiteSeal/gs_image_100-50_en.js is meant to be included via <script src="https://seal.globalsign.com/SiteSeal/gs_image_100-50_en.js" defer="defer">. (Presumably, it would be hard to make all references to the script remove the defer attribute.) When called from a defer script, document.write() blanks the document in browsers that correctly support defer. The script calls document.write() unless it sniffs the browser as IE, as Firefox 3.5 or later or as Netscape Navigator 4. This means the unsafe code runs in any 'unknown' browser that supports defer (currently any non-Firefox Gecko-based browser but in the future potentially also non-Gecko browsers). The correct remedy is never to call document.write() in that script. The script already returns early for MSIE 4 and Netscape 4, and the non-document.write() code path should work fine in MSIE 5 or later, any Gecko-based browser, any WebKit-based browser and version of Opera since Opera 7 and in any standards-based unknown browser.
Looks like this site has fixed itself.