Bug 5398

Summary: source visible when <script> used inside <option>
Product: WebKit Reporter: Antti Koivisto <koivisto>
Component: FormsAssignee: Adele Peterson <adele>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
Attachments:
Description Flags
test case
none
patch
darin: review-
updated patch darin: review+

Antti Koivisto
Reported 2005-10-16 22:08:13 PDT
When <script> is used inside <option> the script source (along with the result) is visible in the rendered select list.
Attachments
test case (93 bytes, text/html)
2005-10-16 22:11 PDT, Antti Koivisto 		no flags
Details
patch (1.61 KB, patch)
2005-10-17 20:01 PDT, Antti Koivisto 		darin: review-
DetailsFormatted DiffDiff
updated patch (1.66 KB, patch)
2005-10-24 22:48 PDT, Antti Koivisto 		darin: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Antti Koivisto
Comment 1 2005-10-16 22:11:25 PDT
Created attachment 4375 [details] test case Gecko/IE show this correctly, tested with TOT
Antti Koivisto
Comment 2 2005-10-17 20:01:56 PDT
Created attachment 4393 [details] patch The problem is that the DTD does not allow <script> as a child of <option>. Insertion fails in the parser but the text content gets inserted anyway, becoming visible. This patch adds script as a legal child element for option and changes HTMLOptionElementImpl::text() method to ignore the script content. This seems to match Gecko's behaviour.
Dave Hyatt
Comment 3 2005-10-17 20:37:06 PDT
Comment on attachment 4393 [details] patch r=me
Darin Adler
Comment 4 2005-10-18 09:52:33 PDT
Comment on attachment 4393 [details] patch Needs to use traverseNextSibling(this), rather than nextSibling(). Otherwise we could get stuck if there's something in there with a child that's a script tag (in theory). Also, what about <style> tags?
Antti Koivisto
Comment 5 2005-10-18 10:41:51 PDT
(In reply to comment #4) > (From update of attachment 4393 [details] [edit]) > Needs to use traverseNextSibling(this), rather than nextSibling(). Otherwise we > could get stuck if there's something in there with a child that's a script tag > (in theory). True (in theory). > Also, what about <style> tags? What about them?
Antti Koivisto
Comment 6 2005-10-24 22:48:26 PDT
Created attachment 4467 [details] updated patch use traverseNextSibling(this) instead of nextSibling() I still don't get the comment about <style> tags
Dave Hyatt
Comment 7 2005-10-24 22:51:38 PDT
<style> tags aren't relevant here, since they should in theory be found to be illegal and moved to the head.
Darin Adler
Comment 8 2005-10-25 08:18:56 PDT
Comment on attachment 4467 [details] updated patch Looks fine, r=me.
Darin Adler
Comment 9 2005-10-25 09:02:29 PDT
Somehow I missed the part about changing the DTD to allow <script> inside <select>. Clearly there's no issue with <style>. Looks like we're ready to go here.
Adele Peterson
Comment 10 2005-11-07 14:30:04 PST
I committed this change.
Note You need to log in before you can comment on or make changes to this bug.