HTML Standard Tracker

Diff (omit for latest revision)

Short URL:

File a bug

SVNBugCommentTime (UTC)
2046Require that <script src=javascript:...></script> result in no script execution, for any value of '...', for compatibility with most UAs.2008-08-11 10:14
Index: source
--- source	(revision 2045)
+++ source	(revision 2046)
@@ -23714,6 +23714,14 @@
     attribute, then the specified resource must be <span
+    <p>For historical reasons, if the <span>URL</span> is a <span
+    title="javascript protocol"><code title="">javascript:</code>
+    URL</span>, then the user agent must not, despite the requirements
+    in the definition of the <span title="fetch">fetching</span>
+    algorithm, actually execute the given script, and instead the user
+    agent must act as if it had received an empty HTTP 400
+    response.</p>
     <p>Once the fetching process has completed, and the script has
     <dfn>completed loading</dfn>, the user agent will have to complete
     <span title="when a script completes loading">the steps described