Merge pull request #483 from capricorn86/task/446-fails-to-inject-a-s…

…cript-tag-of-type-applicationjson #446@patch: Adds a check for only executing scripts for valid types i…
capricorn86 · May 20, 2022 · 02ae081 · 02ae081
2 parents c922f33 + cce139b
commit 02ae081
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/packages/happy-dom/src/nodes/html-script-element/HTMLScriptElement.ts b/packages/happy-dom/src/nodes/html-script-element/HTMLScriptElement.ts
@@ -195,7 +195,14 @@ export default class HTMLScriptElement extends HTMLElement implements IHTMLScrip
 				ScriptUtility.loadExternalScript(this);
 			} else {
 				const textContent = this.textContent;
-				if (textContent) {
+				const type = this.getAttributeNS(null, 'type');
+				if (
+					textContent &&
+					(type === null ||
+						type === 'application/x-ecmascript' ||
+						type === 'application/x-javascript' ||
+						type.startsWith('text/javascript'))
+				) {
 					this.ownerDocument.defaultView.eval(textContent);
 				}
 			}

diff --git a/packages/happy-dom/test/nodes/html-script-element/HTMLScriptElement.test.ts b/packages/happy-dom/test/nodes/html-script-element/HTMLScriptElement.test.ts
@@ -139,6 +139,15 @@ describe('HTMLScriptElement', () => {
 			expect(window['test']).toBe('test');
 		});
 
+		it('Does not evaluate types that are not supported.', () => {
+			const div = document.createElement('div');
+			const element = <HTMLScriptElement>document.createElement('script');
+			element.type = 'application/json';
+			element.textContent = '{"key": "value"}';
+			div.appendChild(element);
+			expect(element.textContent).toBe('{"key": "value"}');
+		});
+
 		it('Does not evaluate code when added as innerHTML.', () => {
 			const div = document.createElement('div');
 			div.innerHTML = '<script>globalThis.test = "test";</script>';