PDA

View Full Version : [OPEN] Ext.Element.update(): better evaluation of Scripts



schmidetzki
2 Jun 2007, 1:03 PM
if loadScripts==true then scripts are evaluated on element.update().
The procedure of evaluating scripts is however NOT standard conform.

If f. e. you update the element with the following HTML:

<teaxarea>
<script>alert("hallo")</script>
</textarea>the alert() will be executed allthough the script is part of a textarea.

The reason is because Ext uses regular expressions to find the <script></script> blocks inside the HTML and eval()-s everything. Instead the HTML should be parsed by a real HTML-Parser to do the job.

We made very good experiences with the following way to execute scripts recieved via ajax:

divTag.innerHTML = html;

// evaluate pasted javascript
var scripts = divTag.getElementsByTagName("script");
var totalscripts="";
for (var i = 0; i < scripts.length; i++) {
var script = scripts[i].innerHTML;
totalscripts += "\n"+script;
}
window.setTimeout(totalscripts, 10);This way we let the BROWSER parse the recieved HTML.
<script> inside a <texarea> will not be executed bc. the browser simply does not create a script-dom-node for this script.

My surgestion is to change the script-execution in Ext using this better method.

jbowman
2 Jun 2007, 2:54 PM
I like that. Is there any performance gain/hit with that method?

jack.slocum
2 Jun 2007, 8:42 PM
It sounds like a good idea, but it won't work cross browser. When injecting HTML, script elements are stripped by some browsers.

schmidetzki
3 Jun 2007, 1:35 AM
It sounds like a good idea, but it won't work cross browser. When injecting HTML, script elements are stripped by some browsers.

We tested this in IE6/7, Safari, FF and Opera.

jack.slocum
3 Jun 2007, 4:42 AM
This is how we did it orginally and it didn't always work. In particular, IE randomly discards scripts injected using innerHTML.

jack.slocum
3 Jun 2007, 5:27 AM
To answer your original post, this:


<teaxarea>
<script>alert("hallo")</script>
</textarea>

should be:


<teaxarea>
&lt;script&gt;alert("hallo")&lt;/script&gt;
</textarea>

Browsers will usually (but not always) correctly parse raw html in a textarea, but using the second (encoded) will always work.