RE: HTML output method: SCRIPT and STYLE escaping from Kay, Michael on 2003-02-13 (public-qt-comments@w3.org from February 2003)

From: Kay, Michael <Michael.Kay@softwareag.com>
Date: Thu, 13 Feb 2003 16:24:35 +0100
To: Mike Brown <mike@skew.org>, public-qt-comments@w3.org
Message-ID: <DFF2AC9E3583D511A21F0008C7E621060453E074@daemsg02.software-ag.de>

> XSLT 2.0 section 20.3 says:
> 
>   The html output method should not perform escaping for the 
> content of
>   the script and style elements.
> 
> According to HTML 4.01 section B.3.2, "</" within the content 
> of a SCRIPT or STYLE slement should be escaped.

Thanks for alerting me to this (non-normative) appendix.

HTML SCRIPT elements do cause some serious problems. The fact is, users
frequently do produce the cited "illegal" example:

    <SCRIPT type="text/javascript">
      document.write ("<EM>This won't work</EM>")
    </SCRIPT>

and they seem to get away with it. What's more, they produce it in two
different ways, both of which generally work:

(1) as an element:

    <xsl:template match="x">
    <SCRIPT type="text/javascript">
      document.write ("<EM>This won't work</EM>")
    </SCRIPT>
    </xsl:template>

(2) as characters:

    <xsl:template match="x">
    <SCRIPT type="text/javascript">
      document.write ("&lt;EM&gt;This won't work&lt;/EM&gt;")
    </SCRIPT>
    </xsl:template>


> 
> It also indicates that unencodable characters appearing in a 
> SCRIPT or STYLE element "must" be escaped according to the 
> conventions of the script or style language's syntax -- they 
> cannot be written as character references. This is a bit 
> unreasonable to impose on an XSLT processor; nevertheless, it 
> should be acknowledged. Processors should be given the option 
> of performing such escaping, and a fallback behavior (of 
> emitting a character reference anyway, I presume) should be defined.
> 

I think the right solution for XSLT is that we should pass on this
requirement to use language-specific escaping to the user. We should include
an example showing that the correct way to write the above is:

(3)
    <xsl:template match="x">
    <SCRIPT type="text/javascript">
      document.write ("&lt;EM&gt;This will work&lt;\/EM&gt;")
    </SCRIPT>
    </xsl:template>

I don't think we should make either (1) or (2) an error, even though they
result in illegal HTML - there are many, many ways to produce illegal HTML
as the output of an XSLT stylesheet.

Michael Kay

Received on Thursday, 13 February 2003 10:24:44 UTC