Menu
I was reading this question with the accepted answer being:
Script added by setting the innerHTML property of an element doesn't get executed.
But when I try to change the innerHTML of the first <script> tag in the following code:
<script></script>
<script>
document.querySelectorAll("script")[0].innerHTML = 'console.log("Test")';
</script>
I can see the injected code for the <script> element being executed (the console.log() function outputs Test).
Furthermore if I remove the first empty <script> tag (thus making the first element [0] refer to the script itself), the script is changed in the DOM, but the code is never executed.
<script>
document.querySelectorAll("script")[0].innerHTML = 'console.log("Test")';
</script>
What prompts this behaviour?
411
New elements can be dynamically created in JavaScript with the help of createElement() method. The attributes of the created element can be set using the setAttribute() method.
var iDiv = document. createElement('div'); iDiv.id = 'block'; iDiv. className = 'block'; document.
Dynamically Execute JavaScript in ElectronJS Last Updated : 08 Jun, 2020 ElectronJS is an Open Source Framework used for building Cross-Platform native desktop applications using web technologies such as HTML, CSS, and JavaScript which are capable of running on Windows, macOS, and Linux operating systems.
Imagine you’re building complex web-based applications and have stored logic in form of code on the server-side environment and wish to generate functions using that logic on the go. One thing to note is apart from these rare situations creating dynamic functions should be avoided as they make the code prone to security and performance issues.
The Function object can also be used as a constructor function to create a new function on the fly. The syntax for creating a function from Function Object is as follows: args1, args2,.. argsN are the arguments accepted by the function and body is the string consisting of JavaScript statements that will be executed when the function is called.
One thing to note is apart from these rare situations creating dynamic functions should be avoided as they make the code prone to security and performance issues. TLDR, The Function object could be used as a constructor function to create dynamic functions on the fly.
This is described in Scripting. When the script is being prepared,
At step 2, the "parser-inserted" flag is removed:
If the element has its "parser-inserted" flag set, then set was-parser-inserted to true and unset the element's "parser-inserted" flag.
At step 4, before restoring the "parser-inserted" flag, the steps are aborted
If the element has no
srcattribute, and its child nodes, if any, consist only of comment nodes and emptyTextnodes, then the user agent must abort these steps at this point. The script is not executed.
Therefore, when you modify it, it will be prepared again:
When a
scriptelement that is not marked as being "parser-inserted" experiences one of the events listed in the following list, the user agent must synchronously prepare thescriptelement:
- The
scriptelement gets inserted into a document, at the time the node is inserted according to the DOM, after any otherscriptelements inserted at the same time that are earlier in theDocumentin tree order.- The
scriptelement is in aDocumentand a node or document fragment is inserted into thescriptelement, after anyscriptelements inserted at that time.- The
scriptelement is in aDocumentand has asrcattribute set where previously the element had no such attribute.
Once the script ran, modifying the contents won't execute them, because script preparation will abort:
If the
scriptelement is marked as having "already started", then the user agent must abort these steps at this point. The script is not executed.
63
Very interesting finding indeed!
It really seems that empty src-less script element is in some strange state that accepts either content or even new src and interprets them. (Couldn't find a reason for that either. I just have a tiny hint: )
It resembles behavior of dynamically inserted script elements.
Here is example/proof of your observation and added few more cases for illustration:
script[src]::before,
script {
display: block;
border: 1px solid red;
padding: 1em;
}
script[src]::before,
script {
content: 'src='attr(src)
}
button {
display: block
}<p>Existing empty script in HTML:</p>
<script id="existing"></script>
<p>Can be invoked just one of:</p>
<button onclick="eval(this.innerText)">
existing.innerHTML='console.log("innerHTML to static")'
</button>
<button onclick="eval(this.innerText)">
existing.src='data:text/javascript,console.log("src to static")'
</button>
<p>Dynamically created and inserted script (each creates own, so both work):</p>
<button onclick="eval(this.innerText)">
document.body.appendChild(document.createElement('script')).innerHTML='console.log("innerHTML to dynamic")'
</button>
<button onclick="eval(this.innerText)">
document.body.appendChild(document.createElement('script')).src='data:text/javascript,console.log("src to dynamic")'
</button>You will have to re-run snippet to see both "static" cases works.
(Also there is a blank script containing white-space generated by SO, for whatever reason.)
As Laurianti demonstrated, if the script had some (even white-space) content (or src=""), it would not work.
Also, in the "dynamic" examples notice that the innerHTML or src value is altered after the script element had been inserted to the document. So it is possible to have a blank static or create dynamic script, leave it in the document and set use it long after that.
Sorry for not giving a full answer, just wanted to share research and the hint.
(Update removed; Oriol was faster and way more accurate. Phew, glad to see this sorted out!)
44
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
