innerHTML escapes <>&' in script blocks and all html elements




18 years ago
5 years ago


(Reporter: Jesse Ruderman, Unassigned)




Firefox Tracking Flags

(Not tracked)



(4 attachments)



18 years ago
innerHTML returns escaped versions of the <>& characters when they appear 
within <script> blocks.  (Steve mentioned this problem on yesterday.)

Comment 1

18 years ago
Created attachment 19463 [details]

Comment 2

18 years ago
Confirmed that script.innerHTML escapes < and > on 2000-12-04-04/Win2k.

Note however that < and > are not escaped in script blocks if retrieved via
document.body.innerHTML. Attaching test case.

Comment 3

18 years ago
Created attachment 20189 [details]
illustrate <,> escaped in script.innerHTML but not in document.body.innerHTML
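
Added example (not part of the bug report and not Mozilla's code): a minimal fragment serializer over a constructed node tree, showing the behaviour the comments above expect, where text inside `<script>` is returned as written while text in ordinary elements is escaped. The node shape, the function names and the `escapeRawText` switch that models the reported output are assumptions made for this illustration.

```javascript
// Added illustration, not Mozilla code: serialize a constructed node tree
// (plain objects, not a real DOM) the way innerHTML is expected to behave.
// Raw-text elements keep their text as written; <noscript>, whose handling
// depends on whether scripting is enabled, is left out of this sketch.
const RAW_TEXT = new Set(["script", "style", "xmp", "iframe", "noembed", "noframes", "plaintext"]);
const VOID = new Set(["area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta"]);

function escapeText(s) {
  return s.replace(/&/g, "&amp;").replace(/\u00a0/g, "&nbsp;")
          .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

function escapeAttr(s) {
  return s.replace(/&/g, "&amp;").replace(/\u00a0/g, "&nbsp;").replace(/"/g, "&quot;");
}

// node shape (assumed): { tag, attrs: {name: value}, children: [node | string] }
function serializeNode(node, escapeRawText) {
  const attrs = Object.entries(node.attrs || {})
    .map(([name, value]) => ` ${name}="${escapeAttr(value)}"`).join("");
  if (VOID.has(node.tag)) return `<${node.tag}${attrs}>`;
  return `<${node.tag}${attrs}>${serializeChildren(node, escapeRawText)}</${node.tag}>`;
}

// escapeRawText = true models the output reported in this bug, where text
// inside <script> comes back entity-escaped.
function serializeChildren(node, escapeRawText = false) {
  const raw = RAW_TEXT.has(node.tag) && !escapeRawText;
  return (node.children || []).map((child) => {
    if (typeof child === "string") return raw ? child : escapeText(child);
    return serializeNode(child, escapeRawText);
  }).join("");
}

// Constructed sample: a script whose source contains <, > and &.
const script = { tag: "script", attrs: { type: "text/javascript" },
                 children: ["if (a < b && c > d) run();"] };
const body = { tag: "body", children: [{ tag: "p", children: ["1 < 2 & 3 > 2"] }, script] };

console.log(serializeChildren(script));        // expected: source unchanged
console.log(serializeChildren(script, true));  // reported: entities in the source
console.log(serializeChildren(body));          // <p> text escaped, <script> text not
```

The escaped form is no longer valid JavaScript, so code that reads a script's `innerHTML` and evaluates or re-inserts it gets different source from what the page author wrote.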


18 years ago
OS: Windows 98 → All
Hardware: PC → All
Target Milestone: --- → mozilla1.0
Keywords: dom2
Component: DOM Level 2 → DOM HTML

Comment 4

17 years ago
I have created a javascript patch that fixes this problem.  I wrote the patch 
for the Range object (see bug 30838) and had to fix the innerHTML bug on 
orphaned nodes (see bug 70613).  When fixing that bug I seem to have also fixed 
this bug.

You can download a copy of the JavaScript patch at  This download also contains 
test cases that I used for testing my code.

Since this patch is implemented in JavaScript it will have to be converted to 
C++ for proper implementation.  If you have any questions or comments please 
e-mail me at

Jeff Yates.

I'll see what I can do. Not guaranteeing anything.

Comment 6

17 years ago
Extending summary to cover bugs which I will be resolving as duplicates of this 

Here is another test case:
Summary: innerHTML escapes <>& in script blocks → innerHTML escapes <>&' in script blocks and all html elements

Comment 7

17 years ago
*** Bug 75543 has been marked as a duplicate of this bug. ***

Comment 8

17 years ago
*** Bug 75671 has been marked as a duplicate of this bug. ***

Comment 9

17 years ago
Bugs targeted at mozilla1.0 without the mozilla1.0 keyword moved to mozilla1.0.1 
(you can query for this string to delete spam or retrieve the list of bugs I've 
Target Milestone: mozilla1.0 → mozilla1.0.1

Comment 10

16 years ago
Need more info here. Is this affecting real world web sites? Is it "bad"?
Tentatively marking P4, please speak up if you disagree. 
Sending to DOM Mozilla Extensions (innerHTML issue)
Removing dom2 keyword... innerHTML is not part of DOM2.
Component: DOM HTML → DOM Mozilla Extensions
Keywords: dom2 → testcase
Priority: P3 → P4


16 years ago
Target Milestone: mozilla1.0.1 → ---

Comment 11

15 years ago
I also experience a problem with assigning innerHTML. During assignment of
innerHTML of a just-created (DOM) div, it converts & to &amp; (and does not touch
< or >).

Vit: Do you have a testcase?

Comment 13

15 years ago
Sorry, false alarm. It was my problem.

Mass-reassigning bugs to
Assignee: jst → dom_bugs

Comment 15

15 years ago
Testcase 1 WFM build 2003052704, Windows 2000.

Comment 16

15 years ago
WFM Gecko/20031009 Firebird/0.7+ (aebrahim)

Last Resolved: 15 years ago
Resolution: --- → WORKSFORME

The first testcase works, and so do the first parts of the 2nd testcase, but the
part where it says "Fire loaded function" doesn't appear to work still. Is this
expected? Can you guys check the 2nd testcase and see if your results agree?

Comment 18

15 years ago
Brian: that's bug 147581 (invalid).

Comment 19

15 years ago
Jesse, the second part of the test case is somewhat different from what is
claimed in bug 147581. In bug 147581, it is claimed that IE doesn't execute the
scripts and that is a good enough reason for us not to do so. In this case, an
inline script using DEFER is added via innerHTML and IE6 *will* execute the
functions. IE will also load an external script if it is DEFERred. I will attach
a test case.

So, bug 147581 should really be about supporting DEFER on scripts.


Comment 20

15 years ago
Created attachment 133245 [details]
external script for test case 2

Comment 21

15 years ago
Created attachment 133246 [details]
test case 2


15 years ago
Attachment #133245 - Attachment mime type: text/javascript → application/x-javascript

Comment 22

15 years ago
Test case 2 worked when running it as an example from the local disk, but
doesn't work running the external script from bugzilla. It appears the & in the
attachment URL is escaped. Save test case 2 and its script, edit to point to
the external file and it will work in IE.

Component: DOM: Mozilla Extensions → DOM
Product: Core → Core