Summary: | source visible when <script> used inside <option> | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Antti Koivisto <koivisto> | ||||||||
Component: | Forms | Assignee: | Adele Peterson <adele> | ||||||||
Status: | RESOLVED FIXED | ||||||||||
Severity: | Normal | ||||||||||
Priority: | P2 | ||||||||||
Version: | 420+ | ||||||||||
Hardware: | Mac | ||||||||||
OS: | OS X 10.4 | ||||||||||
Attachments: |
|
Description
Antti Koivisto
2005-10-16 22:08:13 PDT
Created attachment 4375 [details]
test case
Gecko/IE show this correctly, tested with TOT
Created attachment 4393 [details]
patch
The problem is that the DTD does not allow <script> as a child of <option>.
Insertion fails in the parser but the text content gets inserted anyway,
becoming visible. This patch adds script as a legal child element for option
and changes HTMLOptionElementImpl::text() method to ignore the script content.
This seems to match Gecko's behaviour.
Comment on attachment 4393 [details]
patch
r=me
Comment on attachment 4393 [details]
patch
Needs to use traverseNextSibling(this), rather than nextSibling(). Otherwise we
could get stuck if there's something in there with a child that's a script tag
(in theory).
Also, what about <style> tags?
(In reply to comment #4) > (From update of attachment 4393 [details] [edit]) > Needs to use traverseNextSibling(this), rather than nextSibling(). Otherwise we > could get stuck if there's something in there with a child that's a script tag > (in theory). True (in theory). > Also, what about <style> tags? What about them? Created attachment 4467 [details]
updated patch
use traverseNextSibling(this) instead of nextSibling()
I still don't get the comment about <style> tags
<style> tags aren't relevant here, since they should in theory be found to be illegal and moved to the head. Comment on attachment 4467 [details]
updated patch
Looks fine, r=me.
Somehow I missed the part about changing the DTD to allow <script> inside <select>. Clearly there's no issue with <style>. Looks like we're ready to go here. I committed this change. |