Opened 5 years ago
Closed 4 years ago
#18611 closed defect (fixed)
dojox.layout.ContentPane does not clean up scripts
| Reported by: | Sébastien Le Ray | Owned by: | dylan |
|---|---|---|---|
| Priority: | undecided | Milestone: | 1.11 |
| Component: | DojoX Layout | Version: | 1.10.4 |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: |
Description
When creating a dojox.layout.ContentPane? with executeScripts: true (yeah bad, not the point), with a content containing scripts, if you latter set("content", SomethingThatIsNotAStringLikeAWidgetOrADOMNode) scripts from the first content get executed (see http://jsfiddle.net/Lk68gL0e/).
This is because dojox.html._ContentSetter does not properly reset this._code when content is not a String (onBegin, l.273 from dojox/html/_base.js)
Change History (2)
comment:1 Changed 4 years ago by
| Milestone: | tbd → 1.11 |
|---|---|
| Owner: | set to dylan |
| Status: | new → assigned |
comment:2 Changed 4 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed in https://github.com/dojo/dojox/commit/0baed601e4156cc9123dcbea5f03f843c024a630
There is probably a more exhaustive way to fix this, but we really discourage this behavior, so I'm not going to spend the time to figure out how to properly remove the scripts that get added. Also, this does nothing to sanitize scripts that are included in a DOM node or a widget if passed to set, so beware.
If an easy fix, I'll update for 1.11, otherwise will update for 1.12.