Re: Comments in markup?

Mon, 29 Jul 1996 18:22:15 -0500 (EST)

Date: Mon, 29 Jul 1996 18:22:15 -0500 (EST)
From: Foteos Macrides <MACRIDES@SCI.WFBR.EDU>
Subject: Re: Comments in markup?
Message-id: <01I7NK0TR2OY0001TB@SCI.WFBR.EDU> (Murray Altheim) wrote:
>Comments are only allowed in declarations. And the only declarations within
>HTML document instances you'll find are comment declarations -- all the
>rest is considered markup. You'll note that you can't put <!ENTITY ..>
>declarations within the document instance either.

	Could you elaborate on these issues in relation to marked
sections and the scripting issue?

	<!-- is OK in a document instance, and ultimately should end
with a --> or --white> but can't reliably hide a script which might
contain -- as a decrementer, or --, -->, etc., as strings in script

	<SCRIPT ...>...</SCRIPT> is almost OK with "add hoc" parsers
that just look for the end tag, but those still could get tripped
up if </SCRIPT> were in a script statement and not really the end
tag, and it seems basically to have the same problem for real SMGL
parses as do PLAINTEXT and XMP.

	<![[ also has the problem that a script statement might include
what looks like it's terminator.

	So isn't it in fact true that the ONLY way to include script
code "100%" safely in an HTML document instance is as an encoded (hex
or BASE64) attribute value?


 Foteos Macrides            Worcester Foundation for Biomedical Research
 MACRIDES@SCI.WFBR.EDU         222 Maple Avenue, Shrewsbury, MA 01545