Bug 17995 - <svg><script xlink:href="x"/></svg> doesn't run the script per spec
<svg><script xlink:href="x"/></svg> doesn't run the script per spec
Status: RESOLVED FIXED
Product: WHATWG
Classification: Unclassified
Component: HTML
unspecified
Other other
: P3 normal
: Unsorted
Assigned To: Ian 'Hixie' Hickson
contributor
http://www.whatwg.org/specs/web-apps/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-18 07:31 UTC by contributor
Modified: 2012-08-09 23:40 UTC (History)
8 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description contributor 2012-07-18 07:31:07 UTC
This was was cloned from bug 16231 as part of operation convergence.
Originally filed: 2012-03-05 13:21:00 +0000

================================================================================
 #0   contributor@whatwg.org                          2012-03-05 13:21:24 +0000 
--------------------------------------------------------------------------------
Specification: http://dev.w3.org/html5/spec/
Multipage: http://www.whatwg.org/C#top
Complete: http://www.whatwg.org/c#top

Comment:
Why do I have to end the script tag when loading a script from an external
resource?

I have to do:
<script src="foo.js"></script>
I think it should be enough to do:
<script src="foo.js" />

Posted from: 212.247.162.243
User agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
================================================================================
 #1   Anne                                            2012-03-05 13:45:29 +0000 
--------------------------------------------------------------------------------
EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the tracker issue; or you may create a tracker issue yourself, if you are able to do so. For more details, see this document: <http://dev.w3.org/html5/decision-policy/decision-policy.html>.

Status: Rejected
Change Description: no spec change
Rationale: Proposed change breaks backwards compatibility and breaks compatibility with content such as <script/>alert("aliens")</script> which unfortunately exists.
================================================================================
 #2   Nicholas Stimpson                               2012-03-06 21:58:05 +0000 
--------------------------------------------------------------------------------
(In reply to comment #1)
What about in foreign content? The spec says <script/> closes the element but doesn't run the script. Chrome does that, but Firefox closes the element and runs the script.
================================================================================
 #3   Nicholas Stimpson                               2012-03-06 22:06:06 +0000 
--------------------------------------------------------------------------------
(In reply to comment #2)
Clarifications: (a) I'm not the original bug raiser. (b) I'm talking about the svg script element of course.
================================================================================
 #4   Simon Pieters                                   2012-03-07 09:05:17 +0000 
--------------------------------------------------------------------------------
The SVG case is interesting. I think that's a spec bug.

http://software.hixie.ch/utilities/js/live-dom-viewer/saved/1363
================================================================================
Comment 1 Ian 'Hixie' Hickson 2012-07-20 04:14:43 UTC
Hm yeah, I should investigate the implications of self-closing <script> in foreign content. Do the scripts ever run if they're external? Does it royally screw up legacy UAs? Maybe that should be an exception...
Comment 2 contributor 2012-08-09 23:40:12 UTC
Checked in as WHATWG revision r7239.
Check-in comment: Make <script/> in SVG in text/html execute.
http://html5.org/tools/web-apps-tracker?from=7238&to=7239
Comment 3 Ian 'Hixie' Hickson 2012-08-09 23:40:46 UTC
THE HTML PARSER HAS CHANGED.

Ok, turns out this was just a bug in the foreign content handling: <script/> wasn't triggering the script end tag processing that runs scripts. Oops.

This should be a relatively safe change. The only effect is that it makes scripts execute that didn't execute before. Ok that's a big change, this could be risky. Meep. At least the DOM doesn't change in script-disabled cases? That's got to count for something right?