Re: Document conformance and non-empty <script src>

On Wed, 14 May 2008, Simon Pieters wrote:
> 
> The spec says about the content model of the script element:
> 
>    If there is a src attribute, the element must be empty.

Note that since whitespace and comments don't get considered in content 
model decisisons, both are still allowed.


> I'm not sure it is useful to ban contents of <script src> elements.
> 
> Philip` kindly provided some data, as always:
> http://philip.html5.org/data/nonempty-scripts.html
> 
> 
> Things authors put in <script src> deliberatly:
> 
>  A: An empty comment, ";", "var dummy=0;", etc, as a way to prevent their
>     server side XSLT to emit "<script ... />" (though most empty comments
>     are likely just cargo cult). Banning this means that authors have to
>     change their backend in order to move to HTML5, which seems to be an
>     unnecessary blocker for adoption.
>
>  B: A comment containing a description of the script and/or copyright
>     information. Moving this comment to outside the script element seems
>     pointless and has less chance of surviving copy-paste, and I'd imagine
>     authors would get stumped when the comment says "This notice MUST stay
>     intact for legal use".
> 
>  C: Empty function declarations with the same names as the functions
>     declared in the external script. Personally I find this slightly
>     confusing and would rather put them in a comment.

All of the above can use a comment, which is allowed (in the XML variant, 
at least -- you can't put a comment in the text/html variant).

For A, would a single space work?

I suppose we could allow /* ... */, but that seems oddly specific...


>  D: "document.write(Javascript file not available);". Bogus but harmless.

But bogus.


> Authoring mistakes:
> 
>  E: Forgetting the end tag of the previous script element. It might be
>     useful if conformance checkers checked this explicitly by looking for
>     "<script" that is not in an escaped text span in script src elements,
>     and give a message that there's probably a </script> missing.
>
>  F: Having an open script element because of a "<script ... />" tag.
>     Conformance checkers flag this mistake already.
> 
>  G: Script that seems to be intended to be run. This doesn't seem to be
>     very common, but perhaps conformance checkers can check this mistake
>     somehow (e.g. by only allowing /*...*/ chunks and lines that start
>     with // or <!--, at least when it's javascript)?
> 
>  H: "<noscript>...</noscript>" or other bogus markup or text.

Catching these seems good.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Wednesday, 14 May 2008 22:07:09 UTC