[Bug 20201] polyglot markup and extensions via <script> (and <style>) from bugzilla@jessica.w3.org on 2013-05-15 (public-html-bugzilla@w3.org from May 2013)

From: <bugzilla@jessica.w3.org>
Date: Wed, 15 May 2013 01:56:34 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-20201-2486-U8LuRQl1NR@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=20201

Leif Halvard Silli <xn--mlform-iua@xn--mlform-iua.no> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
                URL|http://www.w3.org/TR/html-p |http://dev.w3.org/html5/htm
                   |olyglot/#script-and-style   |l-xhtml-author-guide/#ambig
                   |                            |uous-strings
         Resolution|WORKSFORME                  |---
           Assignee|eliotgra@microsoft.com      |xn--mlform-iua@xn--mlform-i
                   |                            |ua.no

--- Comment #5 from Leif Halvard Silli <xn--mlform-iua@xn--mlform-iua.no> ---
I want to allow CDATA inside STYLE and SCRIPT, according to these rules:

A) the HTML restrictions for script/style content, does in
     Polyglot apply to CDATA section
     For instance:
  1) one cannot use '</script>' inside 
     <script><![CDATA[<script></script>]]></script>
  2) and one cannot use '</style>' 
     inside <style><![CDATA[<style></style>]]></style>
  3) and eventual comments must begin and end within the 
     CDATA section: <style><![CDATA[<!--*-->]]></style>
B) for script/stylesheet validity, one should hide the 
   CDATA 'tags' using the comment system of the
   scripting or styling language in question:
   <script>
   (function () {
       "use strict"; /*<![CDATA[*/
       var a = "<";
   }());/*]]>*/</script>

In addition to the exension justification mentioned in comment #0, I want to
add the following justification:

DOM related restrictions have no important effect on CSS, but for scripting, it
makes things cumbersome. For instance, the < and the & are used in operators in
JavaScript, and are thus impossible to escape. Also, fact is that & and < are
*not* ambiguous (in the polyglot sense) if they occur inside a CDATA section.
Fact is also that Polyglot recommends to use innerHTML rather than
document.write, and innerHTML is simpler to use if one can add code directly
inside the the script (without escaping it).

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Wednesday, 15 May 2013 01:56:35 UTC