- From: Simon Pieters <simonp@opera.com>
- Date: Fri, 26 Mar 2010 11:28:44 +0100
- To: "Herman Venter" <hermanv@microsoft.com>, "Ian Hickson" <ian@hixie.ch>
- Cc: "Philip Taylor" <excors@gmail.com>, "public-html-comments@w3.org" <public-html-comments@w3.org>
On Fri, 26 Mar 2010 08:14:05 +0100, Ian Hickson <ian@hixie.ch> wrote:
> On Fri, 26 Mar 2010, Herman Venter wrote:
>>
>> Thanks, that clarifies things a lot.
>>
>> Looking closely at the state engine, however, I can only see that
>> </script>
>> will not end the script block provided that it has been preceded by
>> both an
>> unterminated <!-- and a opening <script> tag.
>>
>> I don't quite see how this meets the requirements in
>> http://wiki.whatwg.org/wiki/CDATA_Escapes
>>
>> For example,
>> <script><!--
>> document.write('<scr'+'ipt></script>');
>> //--></script>
>>
>> Looks to me like it will transition from Script Data Double Escape Start
>> to Script Data Escaped as soon as the ' following <scr is encountered.
>>
>> That will prevent entry into Script Data Double Escaped and cause the
>> scanning to exit the script state once the first </script> tag is seen.
>>
>> Am I misreading this?
>
> No, I think your understanding is correct. I believe this was the
> intention (the wiki page is a bit out of date relative to what ended up
> being specced after discussion).
Yeah, it's known that it breaks in the above case (the wiki page lists
that case and also another case). However, from the research it only
affected on the order of 10 pages out of 425k, while at the same time
fixing the rest of the about 1000 pages that were broken with the previous
parsing rules.
See http://lists.w3.org/Archives/Public/public-html/2009Oct/0146.html
--
Simon Pieters
Opera Software
Received on Friday, 26 March 2010 10:29:33 UTC