[whatwg] CDATA and RCDATA restrictions don't always trigger a parse error

Ian Hickson ian at hixie.ch
Thu Jun 21 23:28:53 PDT 2007


On Wed, 20 Jun 2007, Anne van Kesteren wrote:
>
> Currently CDATA and RCDATA are required not to contain the string 
> </script> for instance if the start tag is <script>. However, the 
> following does not trigger a parse error:
> 
>  <script><!-- </script> --></script>
> 
> yet it is non-conforming. Given that conformance checkers are required 
> to follow the parsing section this is a problem I think.

Fixed (by changing the syntax section, not the parser).


On Thu, 21 Jun 2007, Simon Pieters wrote:
> On Wed, 20 Jun 2007 22:31:37 +0200, Henri Sivonen <hsivonen at iki.fi> wrote:
> > 
> > Would there be harm in resolving this by making it conforming?
> 
> The harm might be that it's not compatible with Firefox in Standards 
> mode.

I don't think that's a good enough reason, given that this can actually be 
useful in practice (e.g. to smuggle XML with <script> elements in <script> 
elements, as a kind of "data island" thing).

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'



More information about the whatwg mailing list