W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > September 2011

[Bug 14041] inconsistent definitions of safe content for scripts.

From: <bugzilla@jessica.w3.org>
Date: Tue, 06 Sep 2011 19:25:21 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1R11Gr-00030i-B9@jessica.w3.org>

--- Comment #2 from Leif Halvard Silli <xn--mlform-iua@xn--mlform-iua.no> 2011-09-06 19:25:21 UTC ---
(In reply to comment #0)
* A (more) positive definition compared to the one in comment #1. 
* Instead of 'safe content'/'[not] polygot' => '[un]ambiguous code/content'.
   NOTE: 'safe' gives the wrong connotations - it 
              reminds about the vague rules of Appendix C. 

9.x Unambigious content in <script> and <style>

   Except for the well-defined exceptions (e.g. xml:lang="foo"),
   ambigious strings (strings  that XML interprets different from
   HTML and vice-versa) are not used in Polyglot Markup. For the 
   content of <script> and <style> this means that the following
   strings MUST NOT occur:
      1) '<'  - because XML sees it as a tag/comment/CDATA starter
          even inside <script>/<style>. As a consequence, '<!--'
          and '<![CDATA[' may not occur in the content of polyglot 
          <script>/<style> elements.
      2) '&' - because XML sees it as a reference/entity starter even 
          inside <script>/<style>. As a consequence, HTML entities,
          XML entities and  character references may not occur in
          the content of polyglot <script>/<style> elements.
      3) ']]>' - (because XML sees it as a CDATA end mark)
    NOTE: When necessary, a possible workaround might be to 
    include the properly escaped code inside the @src attribute
    of <style> and <script>.

Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Tuesday, 6 September 2011 19:25:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:02:03 UTC