Bug 24019

I'm 90% sure that this is a bug in the JS on the website rather than a problem in WebKit. The site appears to construct HTML to insert in the page by appending strings, including generating style attributes. The padding is generated as follows: for(ri in ra) rt+="padding-"+l93[ri]+":"+ra[ri]+";"; where ra is an Array instance. The page uses Mootools which extends the Array prototype to include many extra methods. This results in iterating over the array returning these extra properties: ["copy", "remove", "contains", "associate", "extend", "merge", "include", "getRandom", "getLast", "each", "test", "rgbToHex", "hexToRgb", "rgbToHsb", "hsbToRgb"] Their values are retrieved from the Array instance and converted to a string, resulting in "function copy(..) { .... }" being included as part of the style. This code is eventually written to the page using document.write. The quotes used for strings within the JS function that ends up as part of the style are the same type as is used to enclose the style attribute itself, meaning that an attribute is ended and the string becomes the content of the element.

The behavior has changed since Safari 3.2.1 (where the page looks fine) and r41018, so this should at least be marked as a regression. It works fine in Firefox too.

The furthest build back that I'm able to test (r37300) shows the same regressed behavior. Either it's a regression, or there is some user agent specific code path that does the wrong thing with webkit nightlies. I can't test earlier builds due to bug 23342 which is a WONTFIX.

Regression->P1.

<rdar://problem/6607026>

(In reply to comment #0) > Generated java script code is visible in the page. Its not able to handle > pbrowser_dom.js java script. Excluding this script it works fine. > This was not observed in 3.0 but after java script implementation change this is observed.

This works for me. It might've been fixed by a site change. Please reopen if you still see it.