if loadScripts==true then scripts are evaluated on element.update().
The procedure of evaluating scripts is however NOT standard conform.

If f. e. you update the element with the following HTML:

<teaxarea>
<script>alert("hallo")</script>
</textarea>the alert() will be executed allthough the script is part of a textarea.

The reason is because Ext uses regular expressions to find the <script></script> blocks inside the HTML and eval()-s everything. Instead the HTML should be parsed by a real HTML-Parser to do the job.

We made very good experiences with the following way to execute scripts recieved via ajax:

divTag.innerHTML = html;

// evaluate pasted javascript
var scripts = divTag.getElementsByTagName("script");
var totalscripts="";
for (var i = 0; i < scripts.length; i++) {
var script = scripts[i].innerHTML;
totalscripts += "\n"+script;
}
window.setTimeout(totalscripts, 10);This way we let the BROWSER parse the recieved HTML.
<script> inside a <texarea> will not be executed bc. the browser simply does not create a script-dom-node for this script.

My surgestion is to change the script-execution in Ext using this better method.

I like that. Is there any performance gain/hit with that method?

It sounds like a good idea, but it won't work cross browser. When injecting HTML, script elements are stripped by some browsers.

It sounds like a good idea, but it won't work cross browser. When injecting HTML, script elements are stripped by some browsers.

We tested this in IE6/7, Safari, FF and Opera.

This is how we did it orginally and it didn't always work. In particular, IE randomly discards scripts injected using innerHTML.

To answer your original post, this:


<teaxarea>
<script>alert("hallo")</script>
</textarea>

should be:


<teaxarea>
&lt;script&gt;alert("hallo")&lt;/script&gt;
</textarea>

Browsers will usually (but not always) correctly parse raw html in a textarea, but using the second (encoded) will always work.