- From: Lachlan Hunt <lachlan.hunt@lachy.id.au>
- Date: Sun, 17 Jan 2010 11:45:32 +0100
- To: Ian Hickson <ian@hixie.ch>
- Cc: public-html@w3.org
Ian Hickson wrote: > Markup in attributes has it's disadvantages, but it's not necessarily a > problem. One big disadvantage with putting markup in attributes, especially for the doc proposal, is that ampersands will often have to be double escaped as &amp;, due to the content of doc effectively being parsed twice - once as the content of the attribute, and then again to parse the string as a document. e.g. Consider marking up a link containing this URL: ?name=foo&title=bar§=1 By only escaping the ampersands once like this, the following happens: <iframe doc="<a href="?name=foo&title=bar&sect=1">link</a>"> The & entites are decoded as they parsed the first time to obtain the attribute value. This results in the following string: "<a href="?name=foo&title=bar§=1">link</a>" This is then parsed again by a new instance of the HTML parser, which results in the first ampersand being flagged as a parse error, and the second being interperted as §. This is then equivalent to the following: <a href="?name=foo&title=bar§=1">link</a> The parse error might be deemed acceptable in text/html because it's non-fatal and ends up with the correct result, even though it would be non-conforming, but the latter misinterpretation would break the link. But for XHTML, it gets worse, because the first ampersand would be fatal. There are also other similar problems that would be caused by using < isntead of double escaping it as &lt;. These problems would be avoided if the markup had instead been the following, even though it's more complicated for authors to get right: <iframe doc="<a href="?name=foo&amp;title=bar&amp;sect=1">link</a>"> -- Lachlan Hunt - Opera Software http://lachy.id.au/ http://www.opera.com/
Received on Sunday, 17 January 2010 10:46:05 UTC