When <script> is used inside <option> the script source (along with the result) is visible in the rendered select list.
Created attachment 4375 [details] test case Gecko/IE show this correctly, tested with TOT
Created attachment 4393 [details] patch The problem is that the DTD does not allow <script> as a child of <option>. Insertion fails in the parser but the text content gets inserted anyway, becoming visible. This patch adds script as a legal child element for option and changes HTMLOptionElementImpl::text() method to ignore the script content. This seems to match Gecko's behaviour.
Comment on attachment 4393 [details] patch r=me
Comment on attachment 4393 [details] patch Needs to use traverseNextSibling(this), rather than nextSibling(). Otherwise we could get stuck if there's something in there with a child that's a script tag (in theory). Also, what about <style> tags?
(In reply to comment #4) > (From update of attachment 4393 [details] [edit]) > Needs to use traverseNextSibling(this), rather than nextSibling(). Otherwise we > could get stuck if there's something in there with a child that's a script tag > (in theory). True (in theory). > Also, what about <style> tags? What about them?
Created attachment 4467 [details] updated patch use traverseNextSibling(this) instead of nextSibling() I still don't get the comment about <style> tags
<style> tags aren't relevant here, since they should in theory be found to be illegal and moved to the head.
Comment on attachment 4467 [details] updated patch Looks fine, r=me.
Somehow I missed the part about changing the DTD to allow <script> inside <select>. Clearly there's no issue with <style>. Looks like we're ready to go here.
I committed this change.