I write an application where AJAX loads an XSLT which has a <script> inside.
The strange thing is that script runs twice in Firefox. So, I simplify the code and I post it here.
Yes. Firefox does eval in scripts inside XSLT loaded with AJAX.
Is it a Firefox bug? Is there a workaround?
index.xhtml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html>
<html xmlns="http://ift.tt/lH0Osb">
<head><script src="app.js" /></head>
<body onload="locationHashChanged();" />
</html>
app.js
function get(file) {
var request = new XMLHttpRequest();
request.open("GET", file, false);
request.send();
return request.responseXML;
}
function insert(where, root) {
var scripts = root.getElementsByTagName('script');
if (root.getAttribute('xmlns') == 'http://ift.tt/lH0Osb') root.removeAttribute('xmlns');
where.parentNode.replaceChild(root, where);
//for(var z = 0; z != scripts.length; z++) eval(scripts[z]);
}
function locationHashChanged() {
var xml = get('apps.xml');
var xslt = get('xslt.xsl');
var xsltProcessor = new XSLTProcessor();
xsltProcessor.importStylesheet(xslt);
insert(document.body, xsltProcessor.transformToFragment(xml, document).firstChild);
};
xslt.xsl
<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://ift.tt/tCZ8VR">
<xsl:strip-space elements="*" />
<xsl:template match="//*[@path='']">
<body xmlns="http://ift.tt/lH0Osb">
<script>alert('Only in Firefox');</script>
</body>
</xsl:template>
</xsl:stylesheet>
apps.xml
<?xml version="1.0" encoding="UTF-8"?>
<menu name="" path="" />
Aucun commentaire:
Enregistrer un commentaire