- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 27 Oct 2009 08:34:27 +0000 (UTC)
- To: Simon Pieters <simonp@opera.com>
- Cc: Henri Sivonen <hsivonen@iki.fi>, HTMLWG WG <public-html@w3.org>
On Mon, 26 Oct 2009, Simon Pieters wrote:
>
> <script><!-- d.w('<script><\/script>'); //--></script>
> <script><!-- d.w('<script></script\>'); //--></script>
> <script><!-- d.w('<script></scr'+'ipt>'); //--></script>
All three are valid per the current spec. For the first one:
script = data1 ; empty
*( escape ; "<!-- d.w('" (see [1] below)
[ script-start ; <script>
data3 ] ; "<\/script>'); //"
"-->" ; "-->"
data1 ) ; empty
[ escape ] ; empty
[1] substring:
escape = "<!--" ; "<!--"
data2 ; " d.w('"
*( script-start data3 script-end data2 ) ; empty
The other two are valid in much the same way, except replace "<\/script>"
with the equivalent bits.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 27 October 2009 08:34:48 UTC