buildFragment does not wrap html when elem starts with SCRIPT tag #5488
Comments
|
The only elements allowed inside a TR are TD or TH. Anything else is invalid markup. For a string that is valid markup, jQuery would have created valid DOM elements for it. So now it's a question of how invalid markup should be handled, which is often not very well defined. I don't know if this is covered in a spec. At least for a recent Chrome, it appears that any invalid element that has content and appears in a TR is effectively converted to a TD even if you use DOM methods. Again in Chrome, non-content elements like SCRIPT and LINK don't create a TD. Since the DOM methods don't execute embedded scripts like jQuery, it's not quite the same. Is the script supposed to be executed in this case? If so, does the ajaxResponse injection assume you're using jQuery? |
That's not for me to say, so I won't go into that. All I notice, is that SCRIPT tag inside a TR does appear to work in both Firefox and Edge (didn't check any other browser).
Yes. It is a cookie being set by a "WebSeal" server that handles security matters (authentication, authorization).
It does not (and can't as it is supposed to work with any text/html response (regardless of whether jQuery is used or not). |
|
The only way it would work without jQuery is if the browser loaded the response as a complete web page. With jQuery, injecting a script works: https://jsfiddle.net/c0r9y4vd/ Without jQuery, it does not: https://jsfiddle.net/7sxwdmk0/ You might want to check with the WebSeal group or documentation and see what their advice is for implementing AJAX requests. The mentions I could find seem to indicate this is very old tech, so if it's a problem I'm surprised it hasn't come up before: https://serverfault.com/questions/47148/reverse-proxies-and-ajax I'll leave it to the team as to whether a scenario like this should be supported. |
mgol
added
the
Discuss in Meeting
|
Thanks for opening an issue. We discussed in the meeting. This falls under when you give unexpected input, you'll get unexpected output. While it's admittedly strange that the TDs are lost, the script tag is invalid. Besides, we'd prefer not to build in special case logic for things like this because it would never end. However, if you know the response might be weird, the script could instead be appended separately with |
timmywil
removed
the
Discuss in Meeting
Description
We retrieve a HTML fragment (multiple TD cells) using AJAX and attempt to append it to an existing TBODY.
The server response gets intercepted by WebSeal which automatically prepends the text/html response with a script tag that sets a cookie (beyond our control).
Appending the AJAX response to the TBODY results in the SCRIPT being added and the TD cells having dissapeared.
TD cells need to be wrapped in a TABLE/TBODY/TR, which happens inside buildFragment. This wrapping however, is based on the first tag's name. This fails as it finds "script" in our case instead of "td"...
Link to test case
https://jsfiddle.net/cL675jgz/
The text was updated successfully, but these errors were encountered: