Opened 4 years ago

Closed 4 years ago

#18611 closed defect (fixed)

dojox.layout.ContentPane does not clean up scripts

Reported by: Sébastien Le Ray Owned by: dylan
Priority: undecided Milestone: 1.11
Component: DojoX Layout Version: 1.10.4
Keywords: Cc:
Blocked By: Blocking:

Description

When creating a dojox.layout.ContentPane with executeScripts: true (yeah bad, not the point), with a content containing scripts, if you later set("content", SomethingThatIsNotAStringLikeAWidgetOrADOMNode), scripts from the first content get executed (see http://jsfiddle.net/Lk68gL0e/).

This is because dojox.html._ContentSetter does not properly reset this._code when content is not a String (onBegin, l.273 from dojox/html/_base.js)
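The stale-state pattern described above, as an added example that is not part of the original ticket and is not Dojo source code. `ModelSetter`, `resetOnNonString`, `replay` and the sample content are constructed for illustration, and script execution is only recorded, never evaluated.

```javascript
// Simplified model of a content setter that strips inline scripts out of
// string content and runs them once the content is placed (constructed).
const SCRIPT_RE = /<script[^>]*>([\s\S]*?)<\/script>/gi;

class ModelSetter {
  constructor(resetOnNonString) {
    this.resetOnNonString = resetOnNonString; // false = buggy, true = fixed
    this._code = null;   // script text extracted from the last string content
    this.executed = [];  // stands in for evaluating the script
    this.rendered = null;
  }

  onBegin(content) {
    if (typeof content === "string") {
      let code = "";
      content = content.replace(SCRIPT_RE, (_, body) => { code += body; return ""; });
      this._code = code || null;
    } else if (this.resetOnNonString) {
      // Non-string content (widget, DOM node) has no extracted script,
      // so whatever the previous call left behind must be dropped.
      this._code = null;
    }
    return content;
  }

  onEnd() {
    if (this._code) this.executed.push(this._code);
  }

  set(content) {
    this.rendered = this.onBegin(content);
    this.onEnd();
    return this;
  }
}

// Replays the sequence from the report: string content with a script,
// then content that is not a string (a plain object stands in for a node).
function replay(resetOnNonString) {
  const setter = new ModelSetter(resetOnNonString);
  setter.set('<p>first</p><script>init("first")</script>');
  setter.set({ nodeType: 1, tagName: "DIV" });
  return setter.executed;
}

console.log("without reset:", replay(false)); // first script recorded twice
console.log("with reset:   ", replay(true));  // first script recorded once
```

A regression test for this class of bug sets string content, then non-string content, and asserts that the script count did not grow on the second call.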

Change History (2)

comment:1 Changed 4 years ago by dylan

Milestone: tbd → 1.11
Owner: set to dylan
Status: new → assigned

If an easy fix, I'll update for 1.11, otherwise will update for 1.12.

comment:2 Changed 4 years ago by dylan

Resolution: fixed
Status: assigned → closed

Fixed in https://github.com/dojo/dojox/commit/0baed601e4156cc9123dcbea5f03f843c024a630

There is probably a more exhaustive way to fix this, but we really discourage this behavior, so I'm not going to spend the time to figure out how to properly remove the scripts that get added. Also, this does nothing to sanitize scripts that are included in a DOM node or a widget if passed to set, so beware.
