W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > October 2013

[Bug 23587] Provide rationale for content restrictions for script tag

From: <bugzilla@jessica.w3.org>
Date: Tue, 22 Oct 2013 11:46:09 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-23587-2486-ykxjZPfCWR@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=23587

Leif Halvard Silli <xn--mlform-iua@xn--mlform-iua.no> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |xn--mlform-iua@xn--mlform-i
                   |                            |ua.no
           Assignee|robin@w3.org                |dave.null@w3.org

--- Comment #1 from Leif Halvard Silli <xn--mlform-iua@xn--mlform-iua.no> ---
(In reply to Jakub Łopuszański from comment #0)

The culprit is 3 competing (parsing) rules:

1) Comments in a script element have to be closed inside the same
   script element.
   QUESTION: Is this an *authoring rule*, only?
             Or is it also a *parsing rule*, too?
     ANSWER: It is an authoring rule *mostly*, but there is an 
             exception, see rule 3) below. 
2) Script element ends when parser sees the end tag "</script>".
   This is true even in case of <script><!--</script>, which
   NU validator considers *invalid*, but which nevertheless
   works fine in parsers.
3) The *first* (but not the second(!)) end tag "</script>" is
   ignored if it occurs inside a comment *and* there, before
   the end tag, is a start tag "<script>. So this swallows the
   entire document:
       <script><!--<script></script><body>foo</html>
   But this doesn’t:
       <script><!--<script></script></script><body>foo</html>
   This works fine as well (since comment is after start tag):
       <script><script><!--</script><body>foo</html>

As long as only rule 1) and rule 2) are active, then everything is nice
and dandy. it Is rule 3) that complicates.

QUESTION:
    Is rule 3) documented/described in the spec? If so, where?

NOTE:
    We do *not* see the same behavior for <style>, despite that it
    is the same kind of element (takes raw text content) - this
    works fine: <style><!--<style></style>

SOLUTION(S) FOR AUTHORS: 

(1) Authors already know that the script element ends
    when they insert the end tag </script>. Therefore authors *do*
    escape the end tag </script>. But authors are not particulary
    aware that the start tag <script>, if it occurs inside a
    comment, makes the parser *ignore* the end tag </script>.

(2) Solution: Inside the script element, the spec should recommend that
    authors escape not only the end tag </script> but also the start tag
    <script>. Alternatively, authors could make sure that the script
    elemnets ends wiht *two* end tags </script> ...

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Tuesday, 22 October 2013 11:46:10 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 16:31:45 UTC