- From: <bugzilla@jessica.w3.org>
- Date: Wed, 30 Mar 2011 06:17:08 +0000
- To: public-html-bugzilla@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=12398 --- Comment #3 from Henri Sivonen <hsivonen@iki.fi> 2011-03-30 06:17:07 UTC --- It's known that there exists some sites on the Web where the spec gets stuck inside a script. That's the price of never reparsing. Is this breaking a top site that you have been unable to evangelize? With Firefox, the script states have been a wild success beyond my expectations. Exactly one case of site breakage has reached me on b.m.o and that site was successfully evangelized. With the data presented so far, I'd WONTFIX this. To the extent this affects Bugzilla itself, it's a bug in Bugzilla, although I thought the bug was already fixed in upstream Bugzilla. In general, any Web app that includes untrusted strings as string literals in inline scripts MUST escape < as \u003C to be safe. (That's the simplest way to deal with <!--, <script> and </script> all in one go.) -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug.
Received on Wednesday, 30 March 2011 06:17:10 UTC