- From: Joey Arhar <notifications@github.com>
- Date: Mon, 04 Oct 2021 14:53:07 -0700
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 4 October 2021 21:53:19 UTC
In the HTML spec, it says that comments must not contain `-->` among other things: https://html.spec.whatwg.org/multipage/syntax.html#comments In the DOM spec, it says that you can create a `Comment` with any text, no restrictions: https://dom.spec.whatwg.org/#interface-comment This was raised in a chrome issue where someone pointed out that you can create a `Comment` in script which contains a `-->`, put other things after the `-->`, and reassign `document.body.innerHTML = document.body.innerHTML` which will make everything after the `-->` get parsed as actual HTML instead of comments @mfreed7 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/dom/issues/1023
Received on Monday, 4 October 2021 21:53:19 UTC