[whatwg] base64 entities
Julian Reschke
julian.reschke at gmx.de
Thu Aug 26 13:20:30 PDT 2010
On 26.08.2010 22:10, Aryeh Gregor wrote:
> On Thu, Aug 26, 2010 at 5:58 AM, Julian Reschke<julian.reschke at gmx.de> wrote:
>> Not convinced. There's already one way to escape these things, and this is
>> supported in all UAs.
>
> Adam gave two examples of cases where htmlspecialchars() is
> insufficient, even if authors do use it. This proposal is completely
> general and will work anywhere, even in<script>. Is automated
> general escaping even possible right now in<script> for text/html?
I have to admit that I'm not sure what's special about <script> here.
Are you saying that it's insufficient to escape all characters that have
a special meaning there?
Server-wise, how is introducing a new escape mechanism any better than
fixing the support code for the existing mechanism?
Best regards, Julian
More information about the whatwg
mailing list