W3C home > Mailing lists > Public > html-tidy@w3.org > January to March 2015

Re: [Tidy-dev] Solicit feedback on Script Parsing

From: Geoff McLane <ubuntu@geoffair.info>
Date: Mon, 9 Mar 2015 17:20:08 +0100
Message-ID: <CA+PgotKwu9FJiqqQM-uHQ4Q7r12rJCKoKVQ7jN=ToRX4uG=KHQ@mail.gmail.com>
To: Jim Derry <balthisar@gmail.com>
Cc: public-htacg-contrib@w3.org, html-tidy@w3.org, tidy-develop <tidy-develop@lists.sourceforge.net>
On Mon, Mar 9, 2015 at 2:40 PM, Peter Hoffmann <notifications@github.com>
wrote:
> Doesn't
>
http://www.w3.org/TR/2014/REC-html5-20141028/scripting-1.html#restrictions-for-contents-of-script-elements
> say, that you must not use the string '<script…' inside the
script-element?

@HoffmannP, thanks for that link. Yes, it does clearly indicate that
`<script` should not be in a script element.

However, if that is the case then the W3C validator is also in error by not
flagging this as 'invalid'! Is this maybe a validator bug?

But then what about the role of tidy as a 'fixer'. My patch could see this
is in inverted commas, and could add the escaped `<\script` to successfully
fix the document, probably with a warning.

It just seems to me the current MESS that tidy outputs in this case is
quite unacceptable -

````
<body>
<script>
var a = '<script';
<\/script>
<\/body>
<\/html>
</script>
</body>
````

Or alternatively at least to flag it as an error, thus no output unless
forced. The idea is to not generate what would be seen as invalid
javascript! That is a seriously compromised document.

What do you think? Will also try to cross-post this to the lists to perhaps
have a wider audience.
Received on Monday, 9 March 2015 16:20:38 UTC

This archive was generated by hypermail 2.3.1 : Monday, 9 March 2015 16:20:41 UTC