[whatwg] CDATA and RCDATA restrictions don't always trigger a parse error
Ian Hickson
ian at hixie.ch
Thu Jun 21 23:28:53 PDT 2007
On Wed, 20 Jun 2007, Anne van Kesteren wrote:
>
> Currently CDATA and RCDATA are required not to contain the string
> </script> for instance if the start tag is <script>. However, the
> following does not trigger a parse error:
>
> <script><!-- </script> --></script>
>
> yet it is non-conforming. Given that conformance checkers are required
> to follow the parsing section this is a problem I think.
Fixed (by changing the syntax section, not the parser).
On Thu, 21 Jun 2007, Simon Pieters wrote:
> On Wed, 20 Jun 2007 22:31:37 +0200, Henri Sivonen <hsivonen at iki.fi> wrote:
> >
> > Would there be harm in resolving this by making it conforming?
>
> The harm might be that it's not compatible with Firefox in Standards
> mode.
I don't think that's a good enough reason, given that this can actually be
useful in practice (e.g. to smuggle XML with <script> elements in <script>
elements, as a kind of "data island" thing).
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list