- From: <bugzilla@jessica.w3.org>
- Date: Tue, 06 Sep 2011 08:32:36 +0000
- To: public-html@w3.org
http://www.w3.org/Bugs/Public/show_bug.cgi?id=14041 Summary: inconsistent definitions of safe content for scripts. Product: HTML WG Version: unspecified Platform: PC OS/Version: Windows NT Status: NEW Severity: normal Priority: P2 Component: HTML/XHTML Compatibility Authoring Guide (ed: Eliot Graff) AssignedTo: eliotgra@microsoft.com ReportedBy: davidc@nag.co.uk QAContact: public-html-bugzilla@w3.org CC: mike@w3.org, public-html-wg-issue-tracking@w3.org, public-html@w3.org, eliotgra@microsoft.com Informally, "safe content" is content than you can put in a script (or style) element in a polyglot document, and conversely content that is not safe should be placed in an external file and referenced. However http://dev.w3.org/html5/html-xhtml-author-guide/html-xhtml-authoring-guide.html#external-script-and-style says > Polyglot markup uses external scripts if that document's script or style sheet uses < or & or ]]> or --. The restriction on -- is not needed, <script> a-- </script> would parse the same way in xml or html. It's inclusion appears to be related to the side comment on not using <!-- comments in scripts, but it's inclusion in the list of strings that force the use of external files appears to be bogus. Conversely, the following section http://dev.w3.org/html5/html-xhtml-author-guide/html-xhtml-authoring-guide.html#in-line-script-and-style says Safe content is content that does not contain a < or & character. here, despite what it says in the previous section there is (correctly) no banning of -- and (incorrectly) no banning of ]]> proposal. Take the definition of "safe content" out of 9.1 and place it into section 9 immediately before 9.1 and 9.2 so both can reference it. then 9.1 can say scripts _must_ use external reference if the script uses unsafe content and 9.2 can say scripts may be inline if they only contain safe content. As a definition of "safe content" I think Content is not "safe" if it contains (after any xml or html entity or character references are expanded) the characters < or & or the substring ]]> -- Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
Received on Tuesday, 6 September 2011 08:32:43 UTC