W3C home > Mailing lists > Public > public-html@w3.org > March 2010

Re: Change proposal for issue 103, was: ISSUE-103 change proposal

From: Maciej Stachowiak <mjs@apple.com>
Date: Tue, 23 Mar 2010 20:45:58 -0700
Cc: Philip Taylor <pjt47@cam.ac.uk>, Anne van Kesteren <annevk@opera.com>, public-html@w3.org
Message-id: <62C971A6-845E-4E11-8D80-29801D7E9372@apple.com>
To: Ian Hickson <ian@hixie.ch>

On Mar 22, 2010, at 5:14 PM, Ian Hickson wrote:

> On Thu, 18 Mar 2010, Philip Taylor wrote:
>> Anne van Kesteren wrote:
>>> On Thu, 18 Mar 2010 11:26:48 +0100, Julian Reschke <julian.reschke@gmx.de 
>>> >
>>> wrote:
>>>> Replace the last sentence by:
>>>>
>>>> "Note: Due to restrictions of the XML syntax, in XML the U+003C  
>>>> LESS-THAN
>>>> SIGN (<) needs be escaped as well."
>>>
>>> That seems incomplete. The sequence ]]> comes to mind.
>>
>> That's not an issue in attribute values, as far as I'm aware.
>>
>> But in attribute values, U+000D and U+000A and U+0009 must be  
>> escaped too.
>> (Depending on DTD you might also need to escape any leading or  
>> trailing U+0020
>> and at least one of any adjacent pair of U+0020s, I think.)
>
> This discussion is exactly the reason why including this in the spec  
> is a
> bad idea.

Julian & Philip, how confident are you that the full set of characters  
that need escaping is U+003C, U+000D, U+000A, U+0009 and U+0020? Does  
& need to be escaped?

Speaking in my non-chairing capacity, I think it is better to have  
correct advice than no advice, but worse to have incorrect advice than  
no advice. Is there anything we can do to review what characters may  
be special in an attribute value?

Regards,
Maciej
Received on Wednesday, 24 March 2010 03:46:31 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 29 October 2015 10:16:00 UTC