|
From: | bill-auger |
Subject: | Fw: [librejs/librejs] Doesn’t detect inline scripts in XHTML(5) documents (#2) |
Date: | Mon, 20 Jan 2020 11:21:23 -0500 |
this bug report was posted on github https://github.com/librejs/librejs/issues/2 Begin forwarded message: Date: Mon, 20 Jan 2020 08:01:54 -0800 From: Columbus240 To: librejs/librejs <address@hidden> Cc: Subscribed <address@hidden> Subject: [librejs/librejs] Doesn’t detect inline scripts in XHTML(5) documents (#2) If a webpage is served as `application/xhtml+xml` (and is well-formed), then LibreJS won’t detect or block blocks of inline JavaScript. Minimal example: ```xhtml <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Some Title</title> </head> <body> <script>console.log("Hello");</script> </body> </html> ``` If this is saved to a `*.html` file and opened or served as `text/html`, LibreJS will note the inline script as trivial. If it is saved to a `*.xhtml` file and opened or served as `application/xhtml+xml` LibreJS will ignore the inline script. The JavaScript above can be replaced with arbitrary JavaScript code without LibreJS changing its behaviour.
If a webpage is served as application/xhtml+xml
(and is well-formed), then LibreJS won’t detect or block blocks of inline _javascript_.
Minimal example:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Some Title</title>
</head>
<body>
<script>console.log("Hello");</script>
</body>
</html>
If this is saved to a *.html
file and opened or served as text/html
, LibreJS will note the inline script as trivial. If it is saved to a *.xhtml
file and opened or served as application/xhtml+xml
LibreJS will ignore the inline script.
The _javascript_ above can be replaced with arbitrary _javascript_ code without LibreJS changing its behaviour.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
[Prev in Thread] | Current Thread | [Next in Thread] |