W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > October 2013

[Bug 23593] New: New restriction for safe CDATA content in script elements: the string <script> needs to be escaped.

From: <bugzilla@jessica.w3.org>
Date: Tue, 22 Oct 2013 12:05:47 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-23593-2486@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=23593

            Bug ID: 23593
           Summary: New restriction for safe CDATA content in script
                    elements: the string <script> needs to be escaped.
           Product: HTML WG
           Version: unspecified
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P3
         Component: HTML/XHTML Compatibility Authoring Guide (ed: Eliot
                    Graff)
          Assignee: xn--mlform-iua@xn--mlform-iua.no
          Reporter: xn--mlform-iua@xn--mlform-iua.no
        QA Contact: public-html-bugzilla@w3.org
                CC: eliotgra@microsoft.com, mike@w3.org,
                    public-html-admin@w3.org,
                    public-html-wg-issue-tracking@w3.org,
                    qbolec@gmail.com, robin@w3.org,
                    xn--mlform-iua@xn--mlform-iua.no
        Depends on: 23587

See comment number 1 in Bug #23587.

Polyglot Markup describes ”safe CDATA content”, which is a description of the
content that can be safely inserted into a script or style element provided
that it is wrapped inside a CDATA declaration. Simply put, that content has to
match what the parser rules for the text/html serialization.

However, Jakub Łopuszański’s bug, bug #23587, shows that we also need to say
something about escaping the <script> start tag, if it occurs inside a comment
inside the script element - see comment number 1 of Bug #23587.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Tuesday, 22 October 2013 12:05:50 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 16:31:45 UTC