Re: [Tidy-dev] Solicit feedback on Script Parsing

On Mon, Mar 9, 2015 at 2:40 PM, Peter Hoffmann <notifications@github.com>
wrote:
> Doesn't
>
http://www.w3.org/TR/2014/REC-html5-20141028/scripting-1.html#restrictions-for-contents-of-script-elements
> say, that you must not use the string '<script…' inside the
script-element?

@HoffmannP, thanks for that link. Yes, it does clearly indicate that
`<script` should not be in a script element.

However, if that is the case then the W3C validator is also in error by not
flagging this as 'invalid'! Is this maybe a validator bug?

But then what about the role of tidy as a 'fixer'. My patch could see this
is in inverted commas, and could add the escaped `<\script` to successfully
fix the document, probably with a warning.

It just seems to me the current MESS that tidy outputs in this case is
quite unacceptable -

````
<body>
<script>
var a = '<script';
<\/script>
<\/body>
<\/html>
</script>
</body>
````

Or alternatively at least to flag it as an error, thus no output unless
forced. The idea is to not generate what would be seen as invalid
javascript! That is a seriously compromised document.

What do you think? Will also try to cross-post this to the lists to perhaps
have a wider audience.

Received on Monday, 9 March 2015 16:20:38 UTC