Opened 8 years ago

Closed 4 years ago

#13434 closed defect (patchwelcome)

ContentPane and others: evaluation fails if scripts are not semicolon-terminated

Reported by: mtr Owned by: Sam Foster
Priority: low Milestone: 1.13
Component: DojoX Layout Version: 1.6.1
Keywords: Cc:
Blocked By: Blocking:

Description

The code in dojox.html that evaluates scripts found inside HTML will throw an exception when this HTML includes inline scripts at least one of which is not terminated with a semicolon or newline. This appears to be because the "snarfScripts" code in dojox.html._base.js simply concatenates all of the scripts it discovers in the HTML into a single variable (i.e., byRef.code += code;) - I believe that these scripts need to be delimited with semicolons (or other statement terminators) to prevent syntax errors when dealing with HTML like this:

<script>var a=2</script>OK?<script>alert('a='+a);</script>

The HTML above works in an HTML page since the end of the script tag terminates the assignment statement. When this is evaluated by something like dojox.layout.ContentPane?, the concatenated script is invalid: var a=2alert('a='+a); Changing the code in _base.js to force semicolon separation of the concatenated scripts fixed this issue for me.

Attachments (1)

content_pane_script_issue.html (2.0 KB) - added by mtr 8 years ago.
Test case - clicking the "Bad" button gets error and does not alert

Download all attachments as: .zip

Change History (6)

comment:1 Changed 8 years ago by Eugene Lazutkin

Component: HTMLDojox
Owner: changed from Eugene Lazutkin to Tom Trenka

comment:2 Changed 8 years ago by Tom Trenka

Got a test case I can use?

Changed 8 years ago by mtr

Test case - clicking the "Bad" button gets error and does not alert

comment:3 Changed 8 years ago by bill

Component: DojoxDojoX Layout

comment:4 Changed 8 years ago by Tom Trenka

Owner: changed from Tom Trenka to Sam Foster
Priority: highlow
Status: newassigned

Actually, I think this is Sam Foster's domain? Reassigning.

comment:5 Changed 4 years ago by dylan

Milestone: tbd1.12
Resolution: patchwelcome
Status: assignedclosed

Given that no one has shown interest in creating a patch in the past 4+ years, I'm closing this as patchwelcome.

Note: See TracTickets for help on using tickets.