Bug 5398 - source visible when <script> used inside <option>
Summary: source visible when <script> used inside <option>
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Forms (show other bugs)
Version: 420+
Hardware: Mac OS X 10.4
: P2 Normal
Assignee: Adele Peterson
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-10-16 22:08 PDT by Antti Koivisto
Modified: 2005-11-07 14:30 PST (History)
0 users

See Also:


Attachments
test case (93 bytes, text/html)
2005-10-16 22:11 PDT, Antti Koivisto
no flags Details
patch (1.61 KB, patch)
2005-10-17 20:01 PDT, Antti Koivisto
darin: review-
Details | Formatted Diff | Diff
updated patch (1.66 KB, patch)
2005-10-24 22:48 PDT, Antti Koivisto
darin: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Antti Koivisto 2005-10-16 22:08:13 PDT
When <script> is used inside <option> the script source (along with the result) is visible in the rendered 
select list.
Comment 1 Antti Koivisto 2005-10-16 22:11:25 PDT
Created attachment 4375 [details]
test case

Gecko/IE show this correctly, tested with TOT
Comment 2 Antti Koivisto 2005-10-17 20:01:56 PDT
Created attachment 4393 [details]
patch

The problem is that the DTD does not allow <script> as a child of <option>.
Insertion fails in the parser but the text content gets inserted anyway,
becoming visible. This patch adds script as a legal child element for option
and changes HTMLOptionElementImpl::text() method to ignore the script content.
This seems to match Gecko's behaviour.
Comment 3 Dave Hyatt 2005-10-17 20:37:06 PDT
Comment on attachment 4393 [details]
patch

r=me
Comment 4 Darin Adler 2005-10-18 09:52:33 PDT
Comment on attachment 4393 [details]
patch

Needs to use traverseNextSibling(this), rather than nextSibling(). Otherwise we
could get stuck if there's something in there with a child that's a script tag
(in theory).

Also, what about <style> tags?
Comment 5 Antti Koivisto 2005-10-18 10:41:51 PDT
(In reply to comment #4)
> (From update of attachment 4393 [details] [edit])
> Needs to use traverseNextSibling(this), rather than nextSibling(). Otherwise we
> could get stuck if there's something in there with a child that's a script tag
> (in theory).

True (in theory).

> Also, what about <style> tags?

What about them?
Comment 6 Antti Koivisto 2005-10-24 22:48:26 PDT
Created attachment 4467 [details]
updated patch

use traverseNextSibling(this) instead of nextSibling()
I still don't get the comment about <style> tags
Comment 7 Dave Hyatt 2005-10-24 22:51:38 PDT
<style> tags aren't relevant here, since they should in theory be found to be illegal and moved to the 
head.
Comment 8 Darin Adler 2005-10-25 08:18:56 PDT
Comment on attachment 4467 [details]
updated patch

Looks fine, r=me.
Comment 9 Darin Adler 2005-10-25 09:02:29 PDT
Somehow I missed the part about changing the DTD to allow <script> inside <select>. Clearly there's no 
issue with <style>. Looks like we're ready to go here.
Comment 10 Adele Peterson 2005-11-07 14:30:04 PST
I committed this change.