- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 14 May 2008 22:06:31 +0000 (UTC)
- To: Simon Pieters <simonp@opera.com>
- Cc: "public-html@w3.org" <public-html@w3.org>
On Wed, 14 May 2008, Simon Pieters wrote: > > The spec says about the content model of the script element: > > If there is a src attribute, the element must be empty. Note that since whitespace and comments don't get considered in content model decisisons, both are still allowed. > I'm not sure it is useful to ban contents of <script src> elements. > > Philip` kindly provided some data, as always: > http://philip.html5.org/data/nonempty-scripts.html > > > Things authors put in <script src> deliberatly: > > A: An empty comment, ";", "var dummy=0;", etc, as a way to prevent their > server side XSLT to emit "<script ... />" (though most empty comments > are likely just cargo cult). Banning this means that authors have to > change their backend in order to move to HTML5, which seems to be an > unnecessary blocker for adoption. > > B: A comment containing a description of the script and/or copyright > information. Moving this comment to outside the script element seems > pointless and has less chance of surviving copy-paste, and I'd imagine > authors would get stumped when the comment says "This notice MUST stay > intact for legal use". > > C: Empty function declarations with the same names as the functions > declared in the external script. Personally I find this slightly > confusing and would rather put them in a comment. All of the above can use a comment, which is allowed (in the XML variant, at least -- you can't put a comment in the text/html variant). For A, would a single space work? I suppose we could allow /* ... */, but that seems oddly specific... > D: "document.write(Javascript file not available);". Bogus but harmless. But bogus. > Authoring mistakes: > > E: Forgetting the end tag of the previous script element. It might be > useful if conformance checkers checked this explicitly by looking for > "<script" that is not in an escaped text span in script src elements, > and give a message that there's probably a </script> missing. > > F: Having an open script element because of a "<script ... />" tag. > Conformance checkers flag this mistake already. > > G: Script that seems to be intended to be run. This doesn't seem to be > very common, but perhaps conformance checkers can check this mistake > somehow (e.g. by only allowing /*...*/ chunks and lines that start > with // or <!--, at least when it's javascript)? > > H: "<noscript>...</noscript>" or other bogus markup or text. Catching these seems good. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 14 May 2008 22:07:09 UTC