Facebook/react
1
0
Fork 0
mirror of https://github.com/facebook/react.git synced 2025-11-01 09:12:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't execute <script> tags w/ createElement mode

Browse Source 
Each script will execute at most once so we could also set `.textContent` to something like `;`, then add it to the document, then change the `.textContent`, but this seems like the simplest approach. See http://dev.w3.org/html5/spec-preview/the-script-element.html for details.
This commit is contained in:
Ben Alpert
2015-10-12 10:54:07 -07:00
parent b03b195759
commit db989bf686
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/renderers/dom/shared/ReactDOMComponent.js
+10 -1
View File
@@ -630,7 +630,16 @@ ReactDOMComponent.Mixin = {
var ownerDocument = nativeContainerInfo._ownerDocument;
var el;
if (namespaceURI === DOMNamespaces.html) {
el = ownerDocument.createElement(this._currentElement.type);
if (this._tag === 'script') {
// Create the script via .innerHTML so its "parser-inserted" flag is
// set to true and it does not execute
var div = ownerDocument.createElement('div');
var type = this._currentElement.type;
div.innerHTML = `<${type}></${type}>`;
el = div.removeChild(div.firstChild);
} else {
el = ownerDocument.createElement(this._currentElement.type);
}
} else {
el = ownerDocument.createElementNS(
namespaceURI,