Re: Document conformance and non-empty <script src>

On Wed, 14 May 2008, Simon Pieters wrote:
> The spec says about the content model of the script element:
>    If there is a src attribute, the element must be empty.

Note that since whitespace and comments don't get considered in content 
model decisisons, both are still allowed.

> I'm not sure it is useful to ban contents of <script src> elements.
> Philip` kindly provided some data, as always:
> Things authors put in <script src> deliberatly:
>  A: An empty comment, ";", "var dummy=0;", etc, as a way to prevent their
>     server side XSLT to emit "<script ... />" (though most empty comments
>     are likely just cargo cult). Banning this means that authors have to
>     change their backend in order to move to HTML5, which seems to be an
>     unnecessary blocker for adoption.
>  B: A comment containing a description of the script and/or copyright
>     information. Moving this comment to outside the script element seems
>     pointless and has less chance of surviving copy-paste, and I'd imagine
>     authors would get stumped when the comment says "This notice MUST stay
>     intact for legal use".
>  C: Empty function declarations with the same names as the functions
>     declared in the external script. Personally I find this slightly
>     confusing and would rather put them in a comment.

All of the above can use a comment, which is allowed (in the XML variant, 
at least -- you can't put a comment in the text/html variant).

For A, would a single space work?

I suppose we could allow /* ... */, but that seems oddly specific...

>  D: "document.write(Javascript file not available);". Bogus but harmless.

But bogus.

> Authoring mistakes:
>  E: Forgetting the end tag of the previous script element. It might be
>     useful if conformance checkers checked this explicitly by looking for
>     "<script" that is not in an escaped text span in script src elements,
>     and give a message that there's probably a </script> missing.
>  F: Having an open script element because of a "<script ... />" tag.
>     Conformance checkers flag this mistake already.
>  G: Script that seems to be intended to be run. This doesn't seem to be
>     very common, but perhaps conformance checkers can check this mistake
>     somehow (e.g. by only allowing /*...*/ chunks and lines that start
>     with // or <!--, at least when it's javascript)?
>  H: "<noscript>...</noscript>" or other bogus markup or text.

Catching these seems good.

Ian Hickson               U+1047E                )\._.,--....,'``.    fL       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Wednesday, 14 May 2008 22:07:09 UTC