Closed
Bug 60619
Opened 24 years ago
Closed 21 years ago
innerHTML escapes <>&' in script blocks and all html elements
Categories
(Core :: DOM: Core & HTML, defect, P4)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: jruderman, Unassigned)
References
Details
(Keywords: testcase)
Attachments
(4 files)
innerHTML returns escaped versions of the <>& characters when they appear
within <script> blocks. (Steve mentioned this problem on
http://www.bookmarklets.com/tools/new.html yesterday.)
Reporter | ||
Comment 1•24 years ago
|
||
Comment 2•24 years ago
|
||
Confirmed that script.innerHTML escapes < and > on 2000-12-04-04/Win2k.
Note however that < and > are is not escaped in script blocks if retrieved via
document.body.innerHTML. Attaching test case.
Comment 3•24 years ago
|
||
Updated•24 years ago
|
OS: Windows 98 → All
Hardware: PC → All
Target Milestone: --- → mozilla1.0
Updated•24 years ago
|
Component: DOM Level 2 → DOM HTML
Comment 4•24 years ago
|
||
I have created a javascript patch that fixes this problem. I wrote the patch
for the Range object (see bug 30838) and had to fix the innerHTML bug on
orphaned nodes (see bug 70613). When fixing that bug I seem to have also fixed
this bug.
You can download a copy of the JavaScript patch at
http://pbwizard.com/Moz%20Patches/RangePatch.zip. This download also contains
test cases that I used for testing my code.
Since this patch is implemented in JavaScript it will have to be converted to
C++ for proper implementation. If you have any questions or comments please e-
mail me at PBWiz@PBWizard.com.
Jeff Yates.
Comment 5•24 years ago
|
||
I'll see what I can do. Not guaranteeing anything.
Comment 6•23 years ago
|
||
Extending summary to cover bugs which I will be resolving as duplicates of this
bug.
Here is another test case:
http://bugzilla.mozilla.org/showattachment.cgi?attach_id=30413
Summary: innerHTML escapes <>& in script blocks → innerHTML escapes <>&' in script blocks and all html elements
Comment 9•23 years ago
|
||
Bugs targeted at mozilla1.0 without the mozilla1.0 keyword moved to mozilla1.0.1
(you can query for this string to delete spam or retrieve the list of bugs I've
moved)
Target Milestone: mozilla1.0 → mozilla1.0.1
Comment 10•23 years ago
|
||
Need more info here. Is this affecting real world web sites? Is it "bad"?
Tentatively marking P4, please speak up if you disagree.
Sending to DOM Mozilla Extensions (innerHTML issue)
Removing dom2 keyword... innerHTML is not part of DOM2.
Updated•22 years ago
|
Target Milestone: mozilla1.0.1 → ---
Comment 11•22 years ago
|
||
I experience also a problem with assigning innerHTML. During assigning of
innerHTML of a just created (DOM) div, it converts & to & (and do not touch
< or >).
Comment 12•22 years ago
|
||
Vit: Do you have a testcase?
Comment 13•22 years ago
|
||
Sorry, false alarm. It was my problem.
Comment 15•22 years ago
|
||
Testcase 1 WFM build 2003052704, Windows 2000.
Reporter | ||
Comment 16•21 years ago
|
||
WFM Gecko/20031009 Firebird/0.7+ (aebrahim)
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → WORKSFORME
Comment 17•21 years ago
|
||
The first testcase works, and so do the first parts of the 2nd testcase, but the
part where it says "Fire loaded function" doesn't appear to work still. Is this
expected? Can you guys check the 2nd testcase and see if your results agree?
Reporter | ||
Comment 18•21 years ago
|
||
Brian: that's bug 147581 (invalid).
Comment 19•21 years ago
|
||
Jesse, the second part of the test case is somewhat different from what is
claimed in bug 147581. In bug 147581, it is claimed that IE doesn't execute the
scripts and that is a good enough reason for us not to do so. In this case, an
inline script using DEFER is added via innerHTML and IE6 *will* execute the
functions. IE will also load an external script if it is DEFERred. I will attach
a test case.
So, bug 147581 should really be about supporting DEFER on scripts.
jst?
Comment 20•21 years ago
|
||
Comment 21•21 years ago
|
||
Updated•21 years ago
|
Attachment #133245 -
Attachment mime type: text/javascript → application/x-javascript
Comment 22•21 years ago
|
||
test case 2 worked when running it as an example from the local disk, but
doesn't work running the external script from bugzilla. It appears the & in the
attachment url is escaped. Save test case 2 and it's script, edit to point to
the external file and it will work in IE.
Updated•12 years ago
|
Component: DOM: Mozilla Extensions → DOM
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•