663316 - Script element added using 'innerHTML' mechanism might got executed automatically if we call 'appendChild' later

Status: RESOLVED DUPLICATE of bug 645115

(Core :: DOM: Core & HTML, defect)

Description

[Yudhi Hamzah]

User-Agent:       Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.91 Safari/534.30
Build Identifier: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

In our application, we put some text fetched from ajax response, which may contains some <script> tags. Previously we just put the text using 'innerHTML' mechanism, and then evaluate all <script> tags manually because for some reason, we need to execute it later. It was works well in every browser (all version of IEs, FF2, FF3, safari, opera, chrome, etc), but when we do our testing in FF4, we found that the <script> element might got executed automatically by the browser if we call 'appendChild' later.

I attach the small script that i created to reproduce the problem.

When you click the button in FF4, it will show 2 lines, indicating that the 'log' function is executed when i call 'wrapper.appendChild(area_1);' (but the first line did not displays 'six', means that the last log call did not executed. weird). The other browser will only display 1 line (expected result).

Reproducible: Always

Steps to Reproduce:
1. create a file, paste my script, open it in FF4
2. click the button

Actual Results:  
it will show two lines, indicating that the javascript get executed when i call append child

Expected Results:  
it will only show one line, indicating that the javascript is not executed when i call append child

Comment 1

[Yudhi Hamzah]

Attachment: Test case

Test case

Comment 2

[Boris Zbarsky [:bzbarsky]]

Thank you for the bug report!  This bug has been fixed for Firefox 5, which should be shipping in less than 2 weeks.