umanda / dompdf

exported from code.google.com/p/dompdf.
0 stars 0 forks source link

Browser-oriented JavaScript in the document body may be rendered inline #302

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Create a HTML document with JavaScript in the body.
2. Render the document.

What is the expected output? What do you see instead?
The document should be created without the presence of the content of the 
JavaScript code. Portions of the script are, however, rendered as normal 
document text.

Are there any known causes?
DOMDocument->loadHTML() appears to parse the text of the script block 
(including text that is part of a JavaScript string) as part of the normal 
document. If the script contains any HTML tags DOMDocument will make the same 
type of structural corrections it would for the document body. In the worst 
case, if a closing html tag is in the code block DOMDocument will treat it as 
the end of the HTML, breaking things horribly.

Are there any known work-arounds?
Break up strings with HTML tags into multiple parts (e.g. change "</html>" to 
"<"+"/html>")

Original issue reported on code.google.com by eclecticgeek on 8 Jun 2011 at 6:23

GoogleCodeExporter commented 8 years ago
attaching test case

Original comment by eclecticgeek on 8 Jun 2011 at 6:24

Attachments:

GoogleCodeExporter commented 8 years ago
You'll need to change the tags in your script to something like this :

    alert("<"+"/html>");

Only HTML5 parsers seem to handle this correctly, but we use the DOM extension, 
which uses an HTML 4 parser, that doesn't handle this well.
A project like this http://code.google.com/p/html5lib/ could be used in the 
future to be able to make it work.

Original comment by fabien.menager on 13 Jun 2011 at 10:02

GoogleCodeExporter commented 8 years ago
Or at least put an HTML5 doctype ;)

<!DOCTYPE html>

Original comment by fabien.menager on 13 Jun 2011 at 10:12

GoogleCodeExporter commented 8 years ago
Nice, I didn't try the HTML5 doctype. Other doctypes are also a possibility so 
long as the script is enclosed in a CDATA section. Maybe we should write this 
off as due to poorly-written HTML and add a FAQ entry?

Original comment by eclecticgeek on 13 Jun 2011 at 3:17

GoogleCodeExporter commented 8 years ago

Original comment by eclecticgeek on 24 May 2013 at 3:00