After reading all the responses and consulting with several developers at Google and other WebKit contributors, I have reached the conclusion that we should fix this bug, and the script parsed by createContextualFragment should, indeed, run when the fragment is inserted into a document.
I'll follow up when the bug is fixed and WebKit's behavior is matched that of Firefox. Best regards, Ryosuke Niwa Software Engineer Google Inc. On Thu, Nov 11, 2010 at 4:34 PM, Ryosuke Niwa <[email protected]> wrote: > Greetings all, > > I'm working on the WebKit bug 12234 - Using createContextualFragment to > insert a <script> does not cause the script to > execute<https://bugs.webkit.org/show_bug.cgi?id=12234>. > While investigating the issue, the following part of HTML5 spec came to my > attention: > > *10.2.5.7 The "in head" insertion > mode<http://www.whatwg.org/specs/web-apps/current-work/#parsing-main-inhead> > * > ... > > - *A start tag whose tag name is "script"* > 1. If the parser was originally created for the HTML fragment parsing > algorithm, then mark the script element as "already started". (fragment > case) > > Since 10.4 Parsing HTML > fragments<http://www.whatwg.org/specs/web-apps/current-work/#fragment-case>does > not special case the script element, this seem to imply that we never > execute scripts inserted by the HTML fragment parsing algorithm. Am I > right? > > To give you more concrete example, should the following markup show the > alert or not? > > > <!DOCTYPE html> > <html> > <script> > document.body.innerHTML+="<scr"+"ipt>alert('SUCCESS')</scr"+"ipt>"; > </script> > </html> > > > Best regards, > Ryosuke Niwa > Software Engineer > Google Inc. > > >
