- From: Jonas Sicking <jonas@sicking.cc>
- Date: Wed, 18 Mar 2009 10:32:42 -0700
- To: Simon Pieters <simonp@opera.com>
- Cc: Robin Berjon <robin@berjon.com>, HTML WG <public-html@w3.org>, www-svg WG <www-svg@w3.org>
On Wed, Mar 18, 2009 at 4:09 AM, Simon Pieters <simonp@opera.com> wrote: > On Wed, 18 Mar 2009 11:21:01 +0100, Jonas Sicking <jonas@sicking.cc> wrote: > >> Note that we wouldn't have to "break" style fully. We could still give it >> the same treatment as <script>. That means that inline scripts with >> <![CDATA[]]> would work fine. > > ...if they used //<![CDATA[ and //]]> (or /*<![CDATA[*/ and /*]]>*/)? Or do > you want to make the JS engine and CSS parser aware of these strings (like > <!--)? Or do you want the HTML parser to strip these strings inside CDATA > elements? > > Personally I think it would be ok to require authors to escape these strings > in text/html, just like they have to do for XHTML as text/html today. The problem is that that that doesn't support the use-case of copying existing XML-SVG into text/html, since no such SVG uses //<![CDATA[ I see two solutions: 1. Support <![CDATA[]]> while tokenizing CDATA. 2. After having read the data from the DOM, strip a leading '<![CDATA[' and trailing ']]>' before handing the data to the CSS/JS engine. >> As would any stylesheets with no entities. One thing that would break is >> stylesheets without <![CDATA[]]> that use the child selector ( > ). > > (Only if it was escaped as > which is not required in XML.) Good point, that would even further reduce the risk that pages out there would break. / Jonas
Received on Wednesday, 18 March 2009 17:33:24 UTC