- From: Ian Hickson <ian@hixie.ch>
- Date: Fri, 26 Mar 2010 07:14:05 +0000 (UTC)
- To: Herman Venter <hermanv@microsoft.com>
- Cc: Philip Taylor <excors@gmail.com>, "public-html-comments@w3.org" <public-html-comments@w3.org>
On Fri, 26 Mar 2010, Herman Venter wrote:
>
> Thanks, that clarifies things a lot.
>
> Looking closely at the state engine, however, I can only see that </script>
> will not end the script block provided that it has been preceded by both an
> unterminated <!-- and a opening <script> tag.
>
> I don't quite see how this meets the requirements in http://wiki.whatwg.org/wiki/CDATA_Escapes
>
> For example,
> <script><!--
> document.write('<scr'+'ipt></script>');
> //--></script>
>
> Looks to me like it will transition from Script Data Double Escape Start
> to Script Data Escaped as soon as the ' following <scr is encountered.
>
> That will prevent entry into Script Data Double Escaped and cause the
> scanning to exit the script state once the first </script> tag is seen.
>
> Am I misreading this?
No, I think your understanding is correct. I believe this was the
intention (the wiki page is a bit out of date relative to what ended up
being specced after discussion).
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 26 March 2010 07:14:32 UTC