W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2007

[whatwg] CDATA and RCDATA restrictions don't always trigger a parse error

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 22 Jun 2007 06:28:53 +0000 (UTC)
Message-ID: <Pine.LNX.4.64.0706220627220.31033@dhalsim.dreamhost.com>
On Wed, 20 Jun 2007, Anne van Kesteren wrote:
>
> Currently CDATA and RCDATA are required not to contain the string 
> </script> for instance if the start tag is <script>. However, the 
> following does not trigger a parse error:
> 
>  <script><!-- </script> --></script>
> 
> yet it is non-conforming. Given that conformance checkers are required 
> to follow the parsing section this is a problem I think.

Fixed (by changing the syntax section, not the parser).


On Thu, 21 Jun 2007, Simon Pieters wrote:
> On Wed, 20 Jun 2007 22:31:37 +0200, Henri Sivonen <hsivonen at iki.fi> wrote:
> > 
> > Would there be harm in resolving this by making it conforming?
> 
> The harm might be that it's not compatible with Firefox in Standards 
> mode.

I don't think that's a good enough reason, given that this can actually be 
useful in practice (e.g. to smuggle XML with <script> elements in <script> 
elements, as a kind of "data island" thing).

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 21 June 2007 23:28:53 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:56 UTC