[whatwg] base64 entities

On Thu, 26 Aug 2010 22:30:00 +0200, Julian Reschke <julian.reschke at gmx.de>  
wrote:
> I now get the point about the additional problems in script, but I fail  
> to see how the proposal addresses this, unless expanding these entities  
> is suppose to happen *after* parsing the script.

If you have

   ele.innerHTML = '&%....;'

inside <script> it would be expanded the moment innerHTML is invoked  
(inside script entities are not expanded) and thus be safe from  
"</script>" injection and such. So yes, it happens after.


-- 
Anne van Kesteren
http://annevankesteren.nl/

Received on Thursday, 26 August 2010 14:59:47 UTC