W3C home > Mailing lists > Public > public-html-comments@w3.org > March 2010

Re: Starting a script block with <!--

From: Henri Sivonen <hsivonen@iki.fi>
Date: Mon, 22 Mar 2010 03:01:41 -0700 (PDT)
To: Herman Venter <hermanv@microsoft.com>
Cc: public-html-comments@w3.org
Message-ID: <1474436700.5799.1269252101526.JavaMail.root@cm-mail03.mozilla.org>
(Disclaimer required when replying to this list: This is not a response from the Working Group.)

"Herman Venter" <hermanv@microsoft.com> wrote:

> I'm working on a prototype HTML5 parser for research purposes and
> recently bumped into this little bit of markup:
> 
> <SCRIPT type=text/javascript><!-- site js --></SCRIPT>
> 
> Trawling around the Web it seems that the expectation is that the
> script engine will ignore a (first?) line starting with <!--.
> 
> The EcmaScript standard does not provide for this (at least not the
> last time I've read through it), so I thought perhaps the issue will
> be addressed in the new HTML5 standard.

http://wiki.whatwg.org/wiki/Web_ECMAScript documents things that the EcmaScript spec doesn't care to say but that are in implementations in Web browsers.

> However, looking at the latter, I find myself hopelessly confused
> about the meaning of the "Script data escape start state" that is
> entered when <! is encountered inside a script tag body.

The purpose of those states is to support existing script content without ever rewinding the input stream.

The problem is basically this:
 1) Some pages assume they can use the string "</script>" inside a script if they enclose the script content in <!-- ... -->
 2) Other pages Have <!-- at the start of the script but forget --> from the end.

Complexity ensues. So far, what's in the spec looks like a successful solution. I've implemented in experimentally in Gecko, and I haven't seen bug reports about it.

FWIW, we used to simply ignore </script> after <!-- until --> had been seen, but that wasn't compatible with existing content. Existing parsers deal with the situation by rewinding the stream and retokenizing in another mode if they hit the EOF after <!-- but before -->, but for security reasons and for streamability, that's undesirable, too.

> As best as I can make things out, the end result is that the HTML
> comment in the above example is just passed through to the script
> engine, which leaves the question of what the script engine should do
> with the non compliant syntax dangling in the air.

Correct. The script engine is supposed to treat <!-- as a like comment (that is, like //). Personally, I think this belongs in the EcmaScript spec.

-- 
Henri Sivonen
hsivonen@iki.fi
http://hsivonen.iki.fi/
Received on Monday, 22 March 2010 10:02:16 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 1 June 2011 00:14:01 GMT