Issue 921150 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Jan 15
Cc:	kouhei@chromium.org neis@chromium.org hirosh...@chromium.org
Components:	Blink>HTML>Script
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Via-Wizard-Javascript Needs-Triage-M71

script tag is not executed by importNode

Reported by a.goed...@googlemail.com, Jan 11

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36

Steps to reproduce the problem:
1. create a template element using document.createElement
2. set the innerHTML to '<script>alert("hello");</script>'
3. call document.importNode(template.content, true);

What is the expected behavior?
alert should be executed

What went wrong?
It does not.

Did this work before? N/A 

Chrome version: 71.0.3578.80  Channel: n/a
OS Version: 
Flash Version: 

A similar bug https://bugs.chromium.org/p/chromium/issues/detail?id=572693 has been fixed a while back. The test case provided there can be used to reproduce the issue. Maybe re-opening that bug would be ok? Test case from that bug: http://jsbin.com/hocine/edit?html,output

Comment 1 by phanindra.mandapaka@chromium.org, Jan 12

Labels: Needs-Triage-M71

Comment 2 by woxxom@gmail.com, Jan 12

The linked bug is about an entire <template> with a <script> being inside another element's HTML so it's not related.
The behavior you observe here is correct and matches the specification AFAICT.
https://html.spec.whatwg.org/multipage/scripting.html#htmltemplateelement

A <template> element doesn't have any children so there's no point in setting its innerHTML.
You can use its "content" property:

    var t = document.createElement('template');
    t.content.appendChild(document.createElement('script')).textContent = 'alert("hello")';
    document.documentElement.appendChild(document.importNode(t.content, true));

In order to actually run a script you need to make sure it's not "inert" as defined in the above spec:
* create the script element manually via createElement 
* attach the script element to the live DOM

The specification says the only case when the scripts aren't inert is when the <template> was present in the original opened document so for example this test.html runs the template's script:

    <template id=tpl>
      <script>alert("hello");</script>
    </template>
    <script>
      document.documentElement.appendChild(document.importNode(tpl.content, true));
    </script>

Comment 3 by a.goed...@googlemail.com, Jan 12

Thanks for taking the time to explain this. Sorry for filing a bug about behavior which is correct!

Comment 4 by tkent@chromium.org, Jan 15

Components: -Blink Blink>HTML>Script
Status: WontFix (was: Unconfirmed)

►

Issue 921150 link

Issue metadata

script tag is not executed by importNode

Issue description

Comment 1 by phanindra.mandapaka@chromium.org, Jan 12

Comment 1 Deleted

Comment 2 by woxxom@gmail.com, Jan 12

Comment 2 Deleted

Comment 3 by a.goed...@googlemail.com, Jan 12

Comment 3 Deleted

Comment 4 by tkent@chromium.org, Jan 15

Comment 4 Deleted

Sign in to add a comment