Bug 17995 - <svg><script xlink:href="x"/></svg> doesn't run the script per spec
Alias: None
Product: WHATWG
Classification: Unclassified
Component: HTML
Version: unspecified
Hardware: Other other
Importance: P3 normal
Target Milestone: Unsorted
Assignee: Ian 'Hixie' Hickson
QA Contact: contributor
URL: http://www.whatwg.org/specs/web-apps/...
Reported: 2012-07-18 07:31 UTC by contributor
Modified: 2012-08-09 23:40 UTC
Description contributor 2012-07-18 07:31:07 UTC
This was cloned from bug 16231 as part of operation convergence.
Originally filed: 2012-03-05 13:21:00 +0000

 #0   contributor@whatwg.org                          2012-03-05 13:21:24 +0000 
Specification: http://dev.w3.org/html5/spec/
Multipage: http://www.whatwg.org/C#top
Complete: http://www.whatwg.org/c#top

Why do I have to end the script tag when loading a script from an external

I have to do:
<script src="foo.js"></script>
I think it should be enough to do:
<script src="foo.js" />

Posted from:
User agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
 #1   Anne                                            2012-03-05 13:45:29 +0000 
EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the tracker issue; or you may create a tracker issue yourself, if you are able to do so. For more details, see this document: <http://dev.w3.org/html5/decision-policy/decision-policy.html>.

Status: Rejected
Change Description: no spec change
Rationale: Proposed change breaks backwards compatibility and breaks compatibility with content such as <script/>alert("aliens")</script> which unfortunately exists.
 #2   Nicholas Stimpson                               2012-03-06 21:58:05 +0000 
(In reply to comment #1)
What about in foreign content? The spec says <script/> closes the element but doesn't run the script. Chrome does that, but Firefox closes the element and runs the script.
 #3   Nicholas Stimpson                               2012-03-06 22:06:06 +0000 
(In reply to comment #2)
Clarifications: (a) I'm not the original bug raiser. (b) I'm talking about the svg script element of course.
 #4   Simon Pieters                                   2012-03-07 09:05:17 +0000 
The SVG case is interesting. I think that's a spec bug.

Comment 1 Ian 'Hixie' Hickson 2012-07-20 04:14:43 UTC
Hm yeah, I should investigate the implications of self-closing <script> in foreign content. Do the scripts ever run if they're external? Does it royally screw up legacy UAs? Maybe that should be an exception...
Comment 2 contributor 2012-08-09 23:40:12 UTC
Checked in as WHATWG revision r7239.
Check-in comment: Make <script/> in SVG in text/html execute.
Comment 3 Ian 'Hixie' Hickson 2012-08-09 23:40:46 UTC

Ok, turns out this was just a bug in the foreign content handling: <script/> wasn't triggering the script end tag processing that runs scripts. Oops.

This should be a relatively safe change. The only effect is that it makes scripts execute that didn't execute before. Ok that's a big change, this could be risky. Meep. At least the DOM doesn't change in script-disabled cases? That's got to count for something right?
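
The parsing difference discussed in this bug, as an added example that is not part of the original thread or the spec's own text: a simplified JavaScript model, useful when reviewing sanitizer output, of which `<script>` elements run in HTML content versus SVG foreign content. The names `executedScripts` and `svgSelfClosingRuns` are hypothetical, and the tokenizer is a deliberate simplification (assumptions are listed in the first comment).

```javascript
// Added example: simplified model of which <script> elements a text/html
// parser executes. Assumes quoted attribute values, no comments or CDATA,
// and no foreign-content breakout elements inside <svg>.
const TAG = /<(\/?)([a-zA-Z][^\s\/>]*)((?:"[^"]*"|'[^']*'|[^>"'])*?)(\/?)>/g;

function attr(attrs, name) {
  const re = new RegExp(`(?:^|\\s)${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)')`, 'i');
  const m = re.exec(attrs);
  return m ? (m[1] ?? m[2]) : null;
}

// svgSelfClosingRuns=false models the behaviour described before r7239,
// true the behaviour after it (hypothetical option name).
function executedScripts(html, { svgSelfClosingRuns = true } = {}) {
  const ran = [];
  const record = (ns, src, text) => {
    if (src !== null || text.trim()) ran.push({ ns, src, text });
  };
  let svgDepth = 0;
  TAG.lastIndex = 0;
  for (let m; (m = TAG.exec(html)); ) {
    const [, close, rawName, attrs, slash] = m;
    const name = rawName.toLowerCase();
    if (name === 'svg') {
      if (close) svgDepth = Math.max(0, svgDepth - 1);
      else if (!slash) svgDepth++;
      continue;
    }
    if (name !== 'script' || close) continue;
    const inSvg = svgDepth > 0;
    // SVG scripts take their URL from xlink:href (SVG 2 also allows href).
    const src = inSvg ? (attr(attrs, 'xlink:href') ?? attr(attrs, 'href'))
                      : attr(attrs, 'src');
    if (inSvg && slash) {
      // Foreign content: "/>" closes the element at once, with no body.
      if (svgSelfClosingRuns) record('svg', src, '');
      continue;
    }
    // HTML content: the "/" is ignored, so the element swallows everything
    // up to the next </script>; with a src the inline text is not executed.
    const start = TAG.lastIndex;
    const end = html.slice(start).search(/<\/script[\s\/>]/i);
    if (end < 0) break; // never reaches an end tag, so it never runs
    record(inSvg ? 'svg' : 'html', src, html.slice(start, start + end));
    TAG.lastIndex = start + end;
  }
  return ran;
}
```

A filter that treats `<script .../>` as inert in every context, or that applies the HTML rule inside `<svg>`, will disagree with this model on the bug's own test case.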