- From: <bugzilla@jessica.w3.org>
- Date: Tue, 22 Oct 2013 18:19:19 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=23587 --- Comment #6 from Leif Halvard Silli <xn--mlform-iua@xn--mlform-iua.no> --- (In reply to Jakub Łopuszański from comment #5) > I don't think it would be of much value to suggest to authors of dynamically > genrated mashups to even consider any actions which would require "manual" > treatment of the HTML. And this is how I perceived the suggestion to escape > occurrences of "<script>" inside comments in the scripts. For changes to the parser, there is now bug 23596. This bug cannot change the parser (that's for bug 23596). But it could optimize the restrictions for contents of script elements. Whether PHP needs to escape *all* the “<” to cope with those restrictions, that is a problem related to PHP - but it is not a reason to change the restrictions. As I see it, and given the current state of the HTML parser, the restrictions have problems. For instance, if one does this: <script><!--</script> Then the HTML5 validator screams “error”, despite that it creates no parsing problems. But if one does what you ”did” (or “ended up with”): <script><!--<script></script><!--comment--><script> </script> Then the validator is silent - it blesses it as all good. In both cases, the HTML parser (and the validator.nu) sees a single script element. To me it would make more sense if the validator was silent in the first case, but screamed out in the second case. > Could you provide some real world scenario in which the rules above would be > contrary to authors intention? My suspicision is that there is no use case, except ”theoretical purity”. Ses bug 23596. -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Tuesday, 22 October 2013 18:19:21 UTC