Re: [whatwg] Handling of script elements inside rendered OBJECT

Wed, 10 May 2006 21:26:13 -0700 

Shadow2531 wrote:

<object type="text/html" data="about:blank">
   <script>alert('You should not see this!');</script>
</object>

What should happen in situations like that?

The script element is alternate content.
The object is rendered.
The script SHOULD NOT be executed *until* the alernate content is
rendered.
If scripts inside <object> aren't executed, then consider what should happen with this: 

<script>
  document.write("<object type=\"text/html\" data=\"test\">");
</script>
<p>alternate content for when both scripts and the object isn't supported</p> 
<script>
  document.write("<\/object>");
</script>
Because of the way document.write() works by writing data back into the stream, the question is: if scripts inside objects are not executed, is the second script considered part of the alternate content and thus not executed? 

With scripts being executed, that ends up being the following

This is the innerHTML representation from Firefox:

<!DOCTYPE HTML><html><head></head><body>
<script>
  document.write("<object type=\"text/html\" data=\"./\">");
</script><object type="text/html" data="./">
<p>alternate content for when both scripts and the object isn't supported</p> 
<script>
  document.write("<\/object>");
</script></object>
<p>test</p></body></html>

This is the DOM representation of the same:
DOCTYPE: html
HTML
  HEAD
  BODY
    SCRIPT
      # #text: document.write("<object type=\"text/html\" data=\"./\">");
    OBJECT data="./" type="text/html"
      P
#text: alternate content for when both scripts and the object isn't supported 
      SCRIPT
        #text: document.write("<\/object>");
    P
      #text: test
If, however, scripts aren't executed inside the second script would not be executed and thus the </object> would not be written out. That would mean the rest of the entire document would end up being inside the object, as can seen in the output from IE 

#comment: CTYPE ht
HTML
  HEAD
    TITLE
      BODY
        SCRIPT
        OBJECT type="text/html" data="./"
          (child nodes weren't output by IE)

The innerHTML representation:

<!DOCTYPE HTML><html><HEAD></HEAD>
<BODY>
<SCRIPT>
  document.write("<object type=\"text/html\" data=\"./\">");
</SCRIPT>

<OBJECT type=text/html data=./>
<p>alternate content for when both scripts and the object isn't supported</p> <script> document.write("<\/object>");</script><p>test</OBJECT></BODY></html> 

--
Lachlan Hunt
http://lachy.id.au/

Reply via email to