Fixes #9221. Wraps openings of html comments and CDATA blocks found a…

…t the beginning of inserted script elements into a javascript block comment so that the new implementation of globalEval will not throw an exception in IE (execScript being less lenient than eval). Unit tests added.
jquery · May 11, 2011 · 391398c · 391398c · jeresig · May 11, 2011
1 parent 3a1c27b
commit 391398c
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 3 deletions.
diff --git a/src/manipulation.js b/src/manipulation.js
@@ -10,6 +10,7 @@ var rinlinejQuery = / jQuery\d+="(?:\d+|null)"/g,
 	// checked="checked" or checked
 	rchecked = /checked\s*(?:[^=]|=\s*.checked.)/i,
 	rscriptType = /\/(java|ecma)script/i,
+	rcleanScript = /^\s*<!(?:\[CDATA\[|\-\-)/,
 	wrapMap = {
 		option: [ 1, "<select multiple='multiple'>", "</select>" ],
 		legend: [ 1, "<fieldset>", "</fieldset>" ],
@@ -500,7 +501,7 @@ jQuery.each({
 function getAll( elem ) {
 	if ( "getElementsByTagName" in elem ) {
 		return elem.getElementsByTagName( "*" );
-	
+
 	} else if ( "querySelectorAll" in elem ) {
 		return elem.querySelectorAll( "*" );
 
@@ -738,7 +739,7 @@ function evalScript( i, elem ) {
 			dataType: "script"
 		});
 	} else {
-		jQuery.globalEval( elem.text || elem.textContent || elem.innerHTML || "" );
+		jQuery.globalEval( ( elem.text || elem.textContent || elem.innerHTML || "" ).replace( rcleanScript, "/*$0*/" ) );
 	}
 
 	if ( elem.parentNode ) {

diff --git a/test/unit/manipulation.js b/test/unit/manipulation.js
@@ -1044,7 +1044,7 @@ test("clone(form element) (Bug #3879, #6655)", function() {
 
 	equals( clone.is(":checked"), element.is(":checked"), "Checked input cloned correctly" );
 	equals( clone[0].defaultValue, "foo", "Checked input defaultValue cloned correctly" );
-	
+
 	// defaultChecked also gets set now due to setAttribute in attr, is this check still valid?
 	// equals( clone[0].defaultChecked, !jQuery.support.noCloneChecked, "Checked input defaultChecked cloned correctly" );
 
@@ -1396,3 +1396,21 @@ test("jQuery.buildFragment - no plain-text caching (Bug #6779)", function() {
     equals($f.text(), bad.join(""), "Cached strings that match Object properties");
 	$f.remove();
 });
+
+test( "jQuery.html - execute scripts escaped with html comment or CDATA (#9221)", function() {
+	expect( 2 );
+	jQuery( [
+	         '<script type="text/javascript">',
+	         '<!--',
+	         'ok( true, "<!-- handled" );',
+	         '//-->',
+	         '</script>'
+	     ].join ( "\n" ) ).appendTo( "#qunit-fixture" );
+	jQuery( [
+	         '<script type="text/javascript">',
+	         '<![CDATA[',
+	         'ok( true, "<![CDATA[ handled" );',
+	         '//]]>',
+	         '</script>'
+	     ].join ( "\n" ) ).appendTo( "#qunit-fixture" );
+});