Re: CDATA, Script, and Style

On Mar 19, 2009, at 14:27, Sam Ruby wrote:

> Henri Sivonen wrote:
>> On Mar 19, 2009, at 00:56, Jonas Sicking wrote:
>>> However, if the style was
>>>
>>> <style type="text/css">
>>> svg &gt; rect {
>>>   fill: red;
>>> }
>>> </style>
>>>
>>> then this would work as expected in XML-SVG, but there might  
>>> possibly
>>> be problems when the markup is copied into a text/html document. In
>>> HTML, the contents of <style> is parsed as CDATA. That means that no
>>> entities are escaped. So the above style tag would contain invalid  
>>> CSS
>>> as the "&gt;" would not be turned into a ">" and so the selector  
>>> would
>>> be invalid and not match anything.
>>>
>>> So the question is, how common do we think this is? We're looking  
>>> for
>>> how common it is that:
>>> 1) An SVG file contains inline <style>, *and*
>>> 2) That style does not use <![CDATA[]]> for the contents of the  
>>> element, *and*
>>> 3) The contents uses entities.
>> I don't know how common it is, but this situation arises easily  
>> with an XML serializer that never outputs CDATA sections either  
>> because it is connected to SAX ContentHandler but not  
>> LexicalHandler or just because writing a serializer that doesn't  
>> output CDATA sections is some much easier to do correctly.
>
> Depends on the serializer.  Not encoding the ">" is legal inside of  
> text regions in XML.


Unless the two previous characters are "]]". To avoid keeping track of  
semi-arbitrary rules like this, I've always programmed my serializers  
to escape '>' into '&gt;' unconditionally.

See http://hsivonen.iki.fi/test/moz/square-square-gt.xml in a YSoD- 
enabled browser.
-- 
Henri Sivonen
hsivonen@iki.fi
http://hsivonen.iki.fi/

Received on Tuesday, 31 March 2009 09:34:47 UTC