Closed Bug 60619 Opened 24 years ago Closed 21 years ago

innerHTML escapes <>&' in script blocks and all html elements

Categories

(Core :: DOM: Core & HTML, defect, P4)

defect

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: testcase)

Attachments

(4 files)

innerHTML returns escaped versions of the <>& characters when they appear within <script> blocks. (Steve mentioned this problem on http://www.bookmarklets.com/tools/new.html yesterday.)
Attached file testcase (deleted) —
Confirmed that script.innerHTML escapes < and > on 2000-12-04-04/Win2k. Note however that < and > are is not escaped in script blocks if retrieved via document.body.innerHTML. Attaching test case.
OS: Windows 98 → All
Hardware: PC → All
Target Milestone: --- → mozilla1.0
Keywords: dom2
Component: DOM Level 2 → DOM HTML
I have created a javascript patch that fixes this problem. I wrote the patch for the Range object (see bug 30838) and had to fix the innerHTML bug on orphaned nodes (see bug 70613). When fixing that bug I seem to have also fixed this bug. You can download a copy of the JavaScript patch at http://pbwizard.com/Moz%20Patches/RangePatch.zip. This download also contains test cases that I used for testing my code. Since this patch is implemented in JavaScript it will have to be converted to C++ for proper implementation. If you have any questions or comments please e- mail me at PBWiz@PBWizard.com. Jeff Yates.
I'll see what I can do. Not guaranteeing anything.
Extending summary to cover bugs which I will be resolving as duplicates of this bug. Here is another test case: http://bugzilla.mozilla.org/showattachment.cgi?attach_id=30413
Summary: innerHTML escapes <>& in script blocks → innerHTML escapes <>&' in script blocks and all html elements
*** Bug 75543 has been marked as a duplicate of this bug. ***
*** Bug 75671 has been marked as a duplicate of this bug. ***
Bugs targeted at mozilla1.0 without the mozilla1.0 keyword moved to mozilla1.0.1 (you can query for this string to delete spam or retrieve the list of bugs I've moved)
Target Milestone: mozilla1.0 → mozilla1.0.1
Need more info here. Is this affecting real world web sites? Is it "bad"? Tentatively marking P4, please speak up if you disagree. Sending to DOM Mozilla Extensions (innerHTML issue) Removing dom2 keyword... innerHTML is not part of DOM2.
Component: DOM HTML → DOM Mozilla Extensions
Keywords: dom2testcase
Priority: P3 → P4
Target Milestone: mozilla1.0.1 → ---
I experience also a problem with assigning innerHTML. During assigning of innerHTML of a just created (DOM) div, it converts & to &amp; (and do not touch < or >).
Vit: Do you have a testcase?
Sorry, false alarm. It was my problem.
Mass-reassigning bugs to dom_bugs@netscape.com
Assignee: jst → dom_bugs
Testcase 1 WFM build 2003052704, Windows 2000.
WFM Gecko/20031009 Firebird/0.7+ (aebrahim)
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → WORKSFORME
The first testcase works, and so do the first parts of the 2nd testcase, but the part where it says "Fire loaded function" doesn't appear to work still. Is this expected? Can you guys check the 2nd testcase and see if your results agree?
Brian: that's bug 147581 (invalid).
Jesse, the second part of the test case is somewhat different from what is claimed in bug 147581. In bug 147581, it is claimed that IE doesn't execute the scripts and that is a good enough reason for us not to do so. In this case, an inline script using DEFER is added via innerHTML and IE6 *will* execute the functions. IE will also load an external script if it is DEFERred. I will attach a test case. So, bug 147581 should really be about supporting DEFER on scripts. jst?
Attached file test case 2 (deleted) —
Attachment #133245 - Attachment mime type: text/javascript → application/x-javascript
test case 2 worked when running it as an example from the local disk, but doesn't work running the external script from bugzilla. It appears the & in the attachment url is escaped. Save test case 2 and it's script, edit to point to the external file and it will work in IE.
Component: DOM: Mozilla Extensions → DOM
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: