Open Bug 694670 Opened 14 years ago Updated 3 years ago

<script href=""> probably shouldn't try to re-parse our document as JS (likewise for <svg:script xlink:href="">)

Categories

(Core :: DOM: Core & HTML, defect, P5)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect

Tracking

()

People

(Reporter: dholbert, Unassigned)

References

Details

The fix for bug 528444 just landed, which changed our behavior on content like: > <svg:script xlink:href=""> > alert("FAIL"); > </svg:script> Previously, we treated that as if xlink:href weren't set at all. But now we: (a) resolve "" as "this document's URI", and attempt (& fail) to reparse the document as javascript) (b) ignore the inline script, since xlink:href is set Per bug 528444 comment 1 and bug 528444 comment 16, we definitely want part "b" (ignore inline script) but we don't necessarily want part "a". (for consistency with our HTML behavior, and also because it's almost certainly not what the author wants/expects) I'm filing this bug on possibly removing part "a" above.
This *is* consistent with out current html behaviour. void nsHTMLScriptElement::FreezeUriAsyncDefer() { if (mFrozen) { return; } // variation of this code in nsSVGScriptElement - check if changes // need to be transfered when modifying if (HasAttr(kNameSpaceID_None, nsGkAtoms::src)) { ... bool nsHTMLScriptElement::HasScriptContent() { return (mFrozen ? mExternal : HasAttr(kNameSpaceID_None, nsGkAtoms::src)) || nsContentUtils::HasNonEmptyTextContent(this); } If it needs fixing then it needs fixing for both SVG and html at the same time and this shouldn't be an SVG bug but some general content bug I expect.
OK -- Jonas, so by > we have moved towards letting <someelement src=""> not load anything. I take it you meant "we're moving in that direction but haven't made that change for html:script yet? (and if so, could you suggest a new component for this bug to live in, to be about both html:script and svg:script?)
We already did it for images perhaps that's what Jonas was thinking of.
Yeah, it appears we haven't done this for HTML script elements yet. Feel free to do those in this bug too. Note that we'll want to mark the script as "executed" even if it just has an empty src attribute. So the place to fix this is likely somewhere here: http://mxr.mozilla.org/mozilla-central/source/content/html/content/src/nsHTMLScriptElement.cpp?force=1#306 where it should set mUri to null.
Component: SVG → DOM
QA Contact: general → general
Summary: SVG <script xlink:href=""> probably shouldn't try to re-parse our document as JS → <script href=""> probably shouldn't try to re-parse our document as JS (likewise for <svg:script xlink:href="")
Summary: <script href=""> probably shouldn't try to re-parse our document as JS (likewise for <svg:script xlink:href="") → <script href=""> probably shouldn't try to re-parse our document as JS (likewise for <svg:script xlink:href="">)
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046 Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5. If you have questions, please contact :mdaly.
Priority: -- → P5
Component: DOM → DOM: Core & HTML
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.