- From: Ian Hickson <ian@hixie.ch>
- Date: Fri, 26 Mar 2010 07:14:05 +0000 (UTC)
- To: Herman Venter <hermanv@microsoft.com>
- Cc: Philip Taylor <excors@gmail.com>, "public-html-comments@w3.org" <public-html-comments@w3.org>
On Fri, 26 Mar 2010, Herman Venter wrote: > > Thanks, that clarifies things a lot. > > Looking closely at the state engine, however, I can only see that </script> > will not end the script block provided that it has been preceded by both an > unterminated <!-- and a opening <script> tag. > > I don't quite see how this meets the requirements in http://wiki.whatwg.org/wiki/CDATA_Escapes > > For example, > <script><!-- > document.write('<scr'+'ipt></script>'); > //--></script> > > Looks to me like it will transition from Script Data Double Escape Start > to Script Data Escaped as soon as the ' following <scr is encountered. > > That will prevent entry into Script Data Double Escaped and cause the > scanning to exit the script state once the first </script> tag is seen. > > Am I misreading this? No, I think your understanding is correct. I believe this was the intention (the wiki page is a bit out of date relative to what ended up being specced after discussion). -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 26 March 2010 07:14:32 UTC