Correct recommendations to escape script in literals

Fixes #7179.
whatwg · Oct 18, 2021 · 5fbe933 · 5fbe933
1 parent 3285b98
commit 5fbe933
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/source b/source
@@ -59464,9 +59464,9 @@ o............A....e
 
   <p class="note">The easiest and safest way to avoid the rather strange restrictions described in
   this section is to always escape an ASCII case-insensitive match for "<code
-  data-x="">&lt;!--</code>" as "<code data-x="">&lt;\!--</code>", "<code
-  data-x="">&lt;script</code>" as "<code data-x="">&lt;\script</code>", and "<code
-  data-x="">&lt;/script</code>" as "<code data-x="">&lt;\/script</code>" when these sequences appear
+  data-x="">&lt;!--</code>" as "<code data-x="">\x3C!--</code>", "<code
+  data-x="">&lt;script</code>" as "<code data-x="">\x3Cscript</code>", and "<code
+  data-x="">&lt;/script</code>" as "<code data-x="">\x3C/script</code>" when these sequences appear
   in literals in scripts (e.g. in strings, regular expressions, or comments), and to avoid writing
   code that uses such constructs in expressions. Doing so avoids the pitfalls that the restrictions
   in this section are prone to triggering: namely, that, for historical reasons, parsing of
@@ -59516,14 +59516,14 @@ tag-end       =/ %x003E ; U+003E GREATER-THAN SIGN (&gt;)</code></pre>
    <p>The following script illustrates this issue. Suppose you have a script that contains a string,
    as in:</p>
 
-   <pre><code class="js">var example = 'Consider this string: &lt;!-- &lt;script>';
+   <pre><code class="js">const example = 'Consider this string: &lt;!-- &lt;script>';
 console.log(example);</code></pre>
 
    <p>If one were to put this string directly in a <code>script</code> block, it would violate the
    restrictions above:</p>
 
    <pre><code class="html">&lt;script>
-  var example = 'Consider this string: &lt;!-- &lt;script>';
+  const example = 'Consider this string: &lt;!-- &lt;script>';
   console.log(example);
 &lt;/script></code></pre>
 
@@ -59535,7 +59535,7 @@ console.log(example);</code></pre>
    fail because the script (highlighted here) is not valid JavaScript:</p>
 
    <pre><code class="html">&lt;script><mark>
-  var example = 'Consider this string: &lt;!-- &lt;script>';
+  const example = 'Consider this string: &lt;!-- &lt;script>';
   console.log(example);
 &lt;/script>
 &lt;!-- despite appearances, this is actually part of the script still! -->
@@ -59551,8 +59551,8 @@ console.log(example);</code></pre>
    avoided entirely:</p>
 
    <pre><code class="html">&lt;script><mark>
-  // Note: `\s` is an escape sequence for `s`.
-  var example = 'Consider this string: &lt;\!-- &lt;\script>';
+  // Note: `\x3C` is an escape sequence for `&lt;`.
+  const example = 'Consider this string: \x3C!-- \x3Cscript>';
   console.log(example);
 </mark>&lt;/script>
 &lt;!-- this is just a comment between script blocks -->