search

madrobby / zepto

Zepto.js is a minimalist JavaScript library for modern browsers, with a jQuery-compatible API
http://zeptojs.com
Other
15k stars 3.91k forks source link

Script tags in newly created elements (not yet added to the html page) execute when they should not #837

Closed teeohhem closed 10 years ago

teeohhem commented 11 years ago

Script tags inside of elements that have not been added to the HTML document should not execute until they are added to the HTML document.

Example:

$('<div />').html('<script>alert("This should not render")</script>');

An alert box is shown, even though this element is not in the HTML document.

If you do this with native JS, the script does not execute:

var elem = document.createElement('div');
elem.innerHTML = "<script>alert("This should not render")</script>"
madrobby commented 10 years ago

You are correct, this is a bug and should be fixed for jQuery API parity.

mislav commented 10 years ago

Fixed in ed63f79aab2c3466e267dde28d3fa48bc8def051