advagg should ignore script-tags containing non-javascript content (such as underscore templates) [#2500203]

If you use the advagg_mod-setting "Put a wrapper around inline JS if it was added in the content section incorrectly", then this also affects script-tags that are not scripts, for instance underscore-templates such as

  <script type="text/underscore-template" id="wereldatlas-template-country-comparison">
    <div class="popup-close">X</div>
    <h2><%= country %></h2>
    <div id="comparison-label"><%= label %></div>
    <svg id="comparison-svg"></svg>
  </script>

This results in advagg_mod JS-code being used as the template-code (and usually becoming visible).

As seen, the underscore-template uses a script-tag with a non-standard type-attribute, to prevent evaluation by browsers. The advagg_mod inline-wrapper code should skip such scripts. Possibly this filtering should happen elsewhere in the advagg-code as well.

Comment	File	Size	Author
#6	advagg-2500203-only-wrap-type-js-scripts.patch	1.58 KB	mikeytown2
#6
#2	advagg-2500203-1-ignore-script-template.patch	1.59 KB	mikeytown2
#2

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

4 June 2015 at 19:50

mikeytown2 committed 5ce236e on 7.x-2.x

Issue #2500203 by mikeytown2: Do not wrap script templates in advagg...

Comment #2

mikeytown2 CreditAttribution: mikeytown2 commented 4 June 2015 at 19:52

Status:

Active

» Fixed

File	Size
advagg-2500203-1-ignore-script-template.patch	1.59 KB

Fixed it if using xpath. Patches are welcome for the regex '/<script((?:(?!src=).)*?)>(.*?)<\/script>/smix'

Comment #3

Marco Vervoort CreditAttribution: Marco Vervoort commented 4 June 2015 at 23:48

Wouldn't it be better to white-list the type-attribute-values containing 'javascript' (such as the official values 'text/javascript' and 'application/javascript') instead of blacklisting type-attribute-values containing 'template'?

Scripts without a type-attribute also need to be accepted. Unfortunately, I don't know xpath syntax, so don't know how to do 'OR'.

I think the corresponding regex would be something like
/<script(?![^<>]*src=)(?:(?![^<>]*type=)|(?=[^<>]*type="?[^<>"]*javascript))(.*?)>(.*?)<\/script>/smix

Comment #4

mikeytown2 CreditAttribution: mikeytown2 commented 5 June 2015 at 00:23

Status:

Fixed

» Needs work

A whitelist would be better. Wasn't sure exactly how to create one using xpath. I'll give the regex a spin; thanks for working in it :)

Comment #5

8 June 2015 at 22:44

mikeytown2 committed 36f8be7 on 7.x-2.x authored by MRV

Issue #2500203 by mikeytown2, MRV: advagg should ignore script-tags...

Comment #6

mikeytown2 CreditAttribution: mikeytown2 commented 8 June 2015 at 22:44

Status:

Needs work

» Fixed

File	Size
advagg-2500203-only-wrap-type-js-scripts.patch	1.58 KB

Comment #7

22 June 2015 at 22:44

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

advagg should ignore script-tags containing non-javascript content (such as underscore templates)

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Comment #7

Thank you to these Drupal contributors

News items

Our community

Documentation

Drupal code base

Governance of community