For example typing html`<script>console.log("No execution")</script>`
doesn’t execute anything, or am I doing something wrong?.
Hi @Kreijstal thanks for using Observable!
That is correct, the code within the script tags will not be executed. You are not doing anything wrong, this is expected behavior.
This is ultimately a browser constraint motivated security considerations. The html
tag works by setting the innerHTML
of a (newly created) element with the content you provide, as you can see in the stdlib/src/html.js
source code. And per the HTML spec, browsers do not allow <script>
tags set with innerHTML
to be evaluated, as described in the innerHTML documentation on MDN.
4 Likes