5398 2005-10-16 22:08:13 -0700 source visible when <script> used inside <option> 2005-11-07 14:30:04 -0800 1 1 1 Unclassified WebKit Forms 420+ Mac OS X 10.4 RESOLVED FIXED P2 Normal --- 1 koivisto adele oldest_to_newest 22146 0 koivisto 2005-10-16 22:08:13 -0700 When <script> is used inside <option> the script source (along with the result) is visible in the rendered select list. 22147 1 4375 koivisto 2005-10-16 22:11:25 -0700 Created attachment 4375 test case Gecko/IE show this correctly, tested with TOT 22187 2 4393 koivisto 2005-10-17 20:01:56 -0700 Created attachment 4393 patch The problem is that the DTD does not allow <script> as a child of <option>. Insertion fails in the parser but the text content gets inserted anyway, becoming visible. This patch adds script as a legal child element for option and changes HTMLOptionElementImpl::text() method to ignore the script content. This seems to match Gecko's behaviour. 22189 3 4393 hyatt 2005-10-17 20:37:06 -0700 Comment on attachment 4393 patch r=me 22219 4 4393 darin 2005-10-18 09:52:33 -0700 Comment on attachment 4393 patch Needs to use traverseNextSibling(this), rather than nextSibling(). Otherwise we could get stuck if there's something in there with a child that's a script tag (in theory). Also, what about <style> tags? 22222 5 koivisto 2005-10-18 10:41:51 -0700 (In reply to comment #4) > (From update of attachment 4393 [edit]) > Needs to use traverseNextSibling(this), rather than nextSibling(). Otherwise we > could get stuck if there's something in there with a child that's a script tag > (in theory). True (in theory). > Also, what about <style> tags? What about them? 22876 6 4467 koivisto 2005-10-24 22:48:26 -0700 Created attachment 4467 updated patch use traverseNextSibling(this) instead of nextSibling() I still don't get the comment about <style> tags 22877 7 hyatt 2005-10-24 22:51:38 -0700 <style> tags aren't relevant here, since they should in theory be found to be illegal and moved to the head. 22913 8 4467 darin 2005-10-25 08:18:56 -0700 Comment on attachment 4467 updated patch Looks fine, r=me. 22920 9 darin 2005-10-25 09:02:29 -0700 Somehow I missed the part about changing the DTD to allow <script> inside <select>. Clearly there's no issue with <style>. Looks like we're ready to go here. 23799 10 adele 2005-11-07 14:30:04 -0800 I committed this change. 4375 2005-10-16 22:11:25 -0700 2005-10-16 22:11:25 -0700 test case option-script.html text/html 93 koivisto PGh0bWw+Cjxib2R5Pgo8c2VsZWN0Pgo8b3B0aW9uPgo8c2NyaXB0PmRvY3VtZW50LndyaXRlKCdz dHVmZicpPC9zY3JpcHQ+Cjwvc2VsZWN0Pgo8L2J1dHRvbj4K 4393 2005-10-17 20:01:56 -0700 2005-10-24 22:48:26 -0700 patch option-script.patch text/plain 1646 koivisto SW5kZXg6IGh0bWxfZm9ybWltcGwuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KUkNTIGZpbGU6IC9jdnMvcm9vdC9X ZWJDb3JlL2todG1sL2h0bWwvaHRtbF9mb3JtaW1wbC5jcHAsdgpyZXRyaWV2aW5nIHJldmlzaW9u IDEuMTk4CmRpZmYgLXAgLXUgLXIxLjE5OCBodG1sX2Zvcm1pbXBsLmNwcAotLS0gaHRtbF9mb3Jt aW1wbC5jcHAJOSBPY3QgMjAwNSAwMzozMTowOSAtMDAwMAkxLjE5OAorKysgaHRtbF9mb3JtaW1w bC5jcHAJMTggT2N0IDIwMDUgMDI6NTM6MzQgLTAwMDAKQEAgLTM0MzYsMTAgKzM0MzYsMTUgQEAg RE9NU3RyaW5nIEhUTUxPcHRpb25FbGVtZW50SW1wbDo6dGV4dCgpIAogICAgICAgICAgICAgcmV0 dXJuIHRleHQ7CiAgICAgfQogCi0gICAgY29uc3QgTm9kZUltcGwgKm4gPSB0aGlzOwotICAgIHdo aWxlICgobiA9IG4tPnRyYXZlcnNlTmV4dE5vZGUodGhpcykpKSB7CisgICAgY29uc3QgTm9kZUlt cGwgKm4gPSB0aGlzLT5maXJzdENoaWxkKCk7CisgICAgd2hpbGUgKG4pIHsKICAgICAgICAgaWYg KG4tPm5vZGVUeXBlKCkgPT0gTm9kZTo6VEVYVF9OT0RFIHx8IG4tPm5vZGVUeXBlKCkgPT0gTm9k ZTo6Q0RBVEFfU0VDVElPTl9OT0RFKQogICAgICAgICAgICAgdGV4dCArPSBuLT5ub2RlVmFsdWUo KTsKKyAgICAgICAgLy8gc2tpcCBzY3JpcHQgY29udGVudAorICAgICAgICBpZiAobi0+aXNFbGVt ZW50Tm9kZSgpICYmIG4tPmhhc1RhZ05hbWUoSFRNTE5hbWVzOjpzY3JpcHRUYWcpKQorICAgICAg ICAgICAgbiA9IG4tPm5leHRTaWJsaW5nKCk7CisgICAgICAgIGVsc2UKKyAgICAgICAgICAgIG4g PSBuLT50cmF2ZXJzZU5leHROb2RlKHRoaXMpOwogICAgIH0KIAogICAgIHJldHVybiB0ZXh0OwpJ bmRleDogaHRtbF9mb3JtaW1wbC5oCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KUkNTIGZpbGU6IC9jdnMvcm9vdC9XZWJD b3JlL2todG1sL2h0bWwvaHRtbF9mb3JtaW1wbC5oLHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjkw CmRpZmYgLXAgLXUgLXIxLjkwIGh0bWxfZm9ybWltcGwuaAotLS0gaHRtbF9mb3JtaW1wbC5oCTI4 IFNlcCAyMDA1IDIyOjAxOjM2IC0wMDAwCTEuOTAKKysrIGh0bWxfZm9ybWltcGwuaAkxOCBPY3Qg MjAwNSAwMjo1MzozNSAtMDAwMApAQCAtNjg2LDcgKzY4Niw3IEBAIHB1YmxpYzoKIAogICAgIHZp cnR1YWwgSFRNTFRhZ1N0YXR1cyBlbmRUYWdSZXF1aXJlbWVudCgpIGNvbnN0IHsgcmV0dXJuIFRh Z1N0YXR1c09wdGlvbmFsOyB9CiAgICAgdmlydHVhbCBpbnQgdGFnUHJpb3JpdHkoKSBjb25zdCB7 IHJldHVybiAyOyB9Ci0gICAgdmlydHVhbCBib29sIGNoZWNrRFREKGNvbnN0IE5vZGVJbXBsKiBu ZXdDaGlsZCkgeyByZXR1cm4gbmV3Q2hpbGQtPmlzVGV4dE5vZGUoKTsgfQorICAgIHZpcnR1YWwg Ym9vbCBjaGVja0RURChjb25zdCBOb2RlSW1wbCogbmV3Q2hpbGQpIHsgcmV0dXJuIG5ld0NoaWxk LT5pc1RleHROb2RlKCkgfHwgbmV3Q2hpbGQtPmhhc1RhZ05hbWUoSFRNTE5hbWVzOjpzY3JpcHRU YWcpOyB9CiAKICAgICB2aXJ0dWFsIGJvb2wgaXNGb2N1c2FibGUoKSBjb25zdDsKIAo= 4467 2005-10-24 22:48:26 -0700 2005-10-25 08:18:56 -0700 updated patch option-script2.patch text/plain 1698 koivisto SW5kZXg6IGh0bWwvaHRtbF9mb3JtaW1wbC5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2cy9y b290L1dlYkNvcmUva2h0bWwvaHRtbC9odG1sX2Zvcm1pbXBsLmNwcCx2CnJldHJpZXZpbmcgcmV2 aXNpb24gMS4xOTgKZGlmZiAtcCAtdSAtcjEuMTk4IGh0bWwvaHRtbF9mb3JtaW1wbC5jcHAKLS0t IGh0bWwvaHRtbF9mb3JtaW1wbC5jcHAJOSBPY3QgMjAwNSAwMzozMTowOSAtMDAwMAkxLjE5OAor KysgaHRtbC9odG1sX2Zvcm1pbXBsLmNwcAkyNSBPY3QgMjAwNSAwNTo0Nzo0NyAtMDAwMApAQCAt MzQzNiwxMCArMzQzNiwxNSBAQCBET01TdHJpbmcgSFRNTE9wdGlvbkVsZW1lbnRJbXBsOjp0ZXh0 KCkgCiAgICAgICAgICAgICByZXR1cm4gdGV4dDsKICAgICB9CiAKLSAgICBjb25zdCBOb2RlSW1w bCAqbiA9IHRoaXM7Ci0gICAgd2hpbGUgKChuID0gbi0+dHJhdmVyc2VOZXh0Tm9kZSh0aGlzKSkp IHsKKyAgICBjb25zdCBOb2RlSW1wbCAqbiA9IHRoaXMtPmZpcnN0Q2hpbGQoKTsKKyAgICB3aGls ZSAobikgewogICAgICAgICBpZiAobi0+bm9kZVR5cGUoKSA9PSBOb2RlOjpURVhUX05PREUgfHwg bi0+bm9kZVR5cGUoKSA9PSBOb2RlOjpDREFUQV9TRUNUSU9OX05PREUpCiAgICAgICAgICAgICB0 ZXh0ICs9IG4tPm5vZGVWYWx1ZSgpOworICAgICAgICAvLyBza2lwIHNjcmlwdCBjb250ZW50Cisg ICAgICAgIGlmIChuLT5pc0VsZW1lbnROb2RlKCkgJiYgbi0+aGFzVGFnTmFtZShIVE1MTmFtZXM6 OnNjcmlwdFRhZykpCisgICAgICAgICAgICBuID0gbi0+dHJhdmVyc2VOZXh0U2libGluZyh0aGlz KTsKKyAgICAgICAgZWxzZQorICAgICAgICAgICAgbiA9IG4tPnRyYXZlcnNlTmV4dE5vZGUodGhp cyk7CiAgICAgfQogCiAgICAgcmV0dXJuIHRleHQ7CkluZGV4OiBodG1sL2h0bWxfZm9ybWltcGwu aAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09ClJDUyBmaWxlOiAvY3ZzL3Jvb3QvV2ViQ29yZS9raHRtbC9odG1sL2h0bWxf Zm9ybWltcGwuaCx2CnJldHJpZXZpbmcgcmV2aXNpb24gMS45MApkaWZmIC1wIC11IC1yMS45MCBo dG1sL2h0bWxfZm9ybWltcGwuaAotLS0gaHRtbC9odG1sX2Zvcm1pbXBsLmgJMjggU2VwIDIwMDUg MjI6MDE6MzYgLTAwMDAJMS45MAorKysgaHRtbC9odG1sX2Zvcm1pbXBsLmgJMjUgT2N0IDIwMDUg MDU6NDc6NDggLTAwMDAKQEAgLTY4Niw3ICs2ODYsNyBAQCBwdWJsaWM6CiAKICAgICB2aXJ0dWFs IEhUTUxUYWdTdGF0dXMgZW5kVGFnUmVxdWlyZW1lbnQoKSBjb25zdCB7IHJldHVybiBUYWdTdGF0 dXNPcHRpb25hbDsgfQogICAgIHZpcnR1YWwgaW50IHRhZ1ByaW9yaXR5KCkgY29uc3QgeyByZXR1 cm4gMjsgfQotICAgIHZpcnR1YWwgYm9vbCBjaGVja0RURChjb25zdCBOb2RlSW1wbCogbmV3Q2hp bGQpIHsgcmV0dXJuIG5ld0NoaWxkLT5pc1RleHROb2RlKCk7IH0KKyAgICB2aXJ0dWFsIGJvb2wg Y2hlY2tEVEQoY29uc3QgTm9kZUltcGwqIG5ld0NoaWxkKSB7IHJldHVybiBuZXdDaGlsZC0+aXNU ZXh0Tm9kZSgpIHx8IG5ld0NoaWxkLT5oYXNUYWdOYW1lKEhUTUxOYW1lczo6c2NyaXB0VGFnKTsg fQogCiAgICAgdmlydHVhbCBib29sIGlzRm9jdXNhYmxlKCkgY29uc3Q7CiAK