Skip to content
Permalink
Browse files

[c] (2) Another attempt at redefining <script> content rules to make …

…zcorpan happy

Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=23590
Affected topics: HTML

git-svn-id: http://svn.whatwg.org/webapps@8313 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information...
Hixie committed Nov 25, 2013
1 parent a331771 commit af79e9f545b057c664b3594519503ac6193b66fb
Showing with 92 additions and 53 deletions.
  1. +31 −18 complete.html
  2. +31 −18 index
  3. +30 −17 source

<header class=head id=head><p><a href=http://www.whatwg.org/ class=logo><img width=101 src=/images/logo alt=WHATWG height=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 22 November 2013</h2>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 25 November 2013</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>

<h5 id=restrictions-for-contents-of-script-elements><span class=secno>4.12.1.2 </span><dfn title="script content restrictions">Restrictions for contents of <code>script</code> elements</dfn></h5>

<!--CLEANUP-->
<p class=note>The easiest and safest way to avoid the rather strange restrictions described in
this section is to always escape "<code title="">&lt;!--</code>" as "<code title="">&lt;\!--</code>", "<code title="">&lt;script</code>" as "<code title="">&lt;\script</code>", and "<code title="">&lt;/script</code>" as "<code title="">&lt;\/script</code>" when these sequences appear in scripts (e.g. in strings or in
comments). Doing so avoids the pitfalls that the restrictions in this section are prone to
this section is to always escape "<code title="">&lt;!--</code>" as "<code title="">&lt;\!--</code>", "<code title="">&lt;script</code>" as "<code title="">&lt;\script</code>", and "<code title="">&lt;/script</code>" as "<code title="">&lt;\/script</code>" when these sequences appear in literals in scripts (e.g. in strings, regular expressions, or
comments), and to avoid writing code that uses such constructs in expressions. Doing so avoids the pitfalls that the restrictions in this section are prone to
triggering: namely, that, for historical reasons, parsing of <code><a href=#the-script-element>script</a></code> blocks in HTML is
a strange and exotic practice that acts unintuitively in the face of these strings.</p>
a strange and exotic practice that acts unintuitively in the face of these sequences.</p>

<p>The <code><a href=#textcontent>textContent</a></code> of a <code><a href=#the-script-element>script</a></code> element must match the <code title="">script</code> production in the following ABNF, the character set for which is Unicode.
<a href=#refsABNF>[ABNF]</a></p>

<pre>script = data1 *( "&lt;!--" data2 *( script-start data3 script-end data2 ) "--&gt;" data1 )

data1 = &lt; any string that doesn't contain a substring that matches not-data1 &gt;
not-data1 = <!-- script-end / -->"&lt;!--" <!-- the script-end is redundant here since it would close the element -->

data2 = &lt; any string that doesn't contain a substring that matches not-data2 &gt;
not-data2 = <!-- script-end / -->script-start / "--&gt;" <!-- the script-end is redundant here since it would close the element -->
<pre>script = outer *( comment-open inner comment-close outer )

data3 = &lt; any string that doesn't contain a substring that matches not-data3 &gt;
not-data3 = script-end / "--&gt;"
outer = &lt; any string that doesn't contain a substring that matches not-in-outer &gt;
not-in-outer = comment-open
inner = &lt; any string that doesn't contain a substring that matches not-in-inner &gt;
not-in-inner = comment-close / script-open

script-start = lt s c r i p t tag-end
script-end = lt slash s c r i p t tag-end

lt = %x003C ; U+003C LESS-THAN SIGN character (&lt;)
slash = %x002F ; U+002F SOLIDUS character (/)
comment-open = "&lt;!--"
comment-close = "--&gt;"
script-open = "&lt;" s c r i p t tag-end

s = %x0053 ; U+0053 LATIN CAPITAL LETTER S
s =/ %x0073 ; U+0073 LATIN SMALL LETTER S
... // this is a new script block
</mark>&lt;/script&gt;</pre>

<p>It is possible for these sequences to naturally occur in script expressions, as in the
following examples:</p>

<pre>if (x&lt;!--y) { ... }
if ( player&lt;script ) { ... }</pre>

<p>In such cases the characters cannot be escaped, but the expressions can be rewritten so that
the sequences don't occur, as in:</p>

<pre>if (x &lt; !--y) { ... }
if (!--y &gt; x) { ... }
if (!(--y) &gt; x) { ... }
if (player &lt; script) { ... }
if (script &gt; player) { ... }</pre>

<p>Doing this also avoids a different pitfall as well: for related historical reasons, the string
"&lt;!--" in JavaScript is actually treated as a line comment start, just like "//".</p>

</div>


49 index

<header class=head id=head><p><a href=http://www.whatwg.org/ class=logo><img width=101 src=/images/logo alt=WHATWG height=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 22 November 2013</h2>
<h2 class="no-num no-toc">Living Standard &mdash; Last Updated 25 November 2013</h2>
</hgroup><dl><dt><strong>Web developer edition:</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>

<h5 id=restrictions-for-contents-of-script-elements><span class=secno>4.12.1.2 </span><dfn title="script content restrictions">Restrictions for contents of <code>script</code> elements</dfn></h5>

<!--CLEANUP-->
<p class=note>The easiest and safest way to avoid the rather strange restrictions described in
this section is to always escape "<code title="">&lt;!--</code>" as "<code title="">&lt;\!--</code>", "<code title="">&lt;script</code>" as "<code title="">&lt;\script</code>", and "<code title="">&lt;/script</code>" as "<code title="">&lt;\/script</code>" when these sequences appear in scripts (e.g. in strings or in
comments). Doing so avoids the pitfalls that the restrictions in this section are prone to
this section is to always escape "<code title="">&lt;!--</code>" as "<code title="">&lt;\!--</code>", "<code title="">&lt;script</code>" as "<code title="">&lt;\script</code>", and "<code title="">&lt;/script</code>" as "<code title="">&lt;\/script</code>" when these sequences appear in literals in scripts (e.g. in strings, regular expressions, or
comments), and to avoid writing code that uses such constructs in expressions. Doing so avoids the pitfalls that the restrictions in this section are prone to
triggering: namely, that, for historical reasons, parsing of <code><a href=#the-script-element>script</a></code> blocks in HTML is
a strange and exotic practice that acts unintuitively in the face of these strings.</p>
a strange and exotic practice that acts unintuitively in the face of these sequences.</p>

<p>The <code><a href=#textcontent>textContent</a></code> of a <code><a href=#the-script-element>script</a></code> element must match the <code title="">script</code> production in the following ABNF, the character set for which is Unicode.
<a href=#refsABNF>[ABNF]</a></p>

<pre>script = data1 *( "&lt;!--" data2 *( script-start data3 script-end data2 ) "--&gt;" data1 )

data1 = &lt; any string that doesn't contain a substring that matches not-data1 &gt;
not-data1 = <!-- script-end / -->"&lt;!--" <!-- the script-end is redundant here since it would close the element -->

data2 = &lt; any string that doesn't contain a substring that matches not-data2 &gt;
not-data2 = <!-- script-end / -->script-start / "--&gt;" <!-- the script-end is redundant here since it would close the element -->
<pre>script = outer *( comment-open inner comment-close outer )

data3 = &lt; any string that doesn't contain a substring that matches not-data3 &gt;
not-data3 = script-end / "--&gt;"
outer = &lt; any string that doesn't contain a substring that matches not-in-outer &gt;
not-in-outer = comment-open
inner = &lt; any string that doesn't contain a substring that matches not-in-inner &gt;
not-in-inner = comment-close / script-open

script-start = lt s c r i p t tag-end
script-end = lt slash s c r i p t tag-end

lt = %x003C ; U+003C LESS-THAN SIGN character (&lt;)
slash = %x002F ; U+002F SOLIDUS character (/)
comment-open = "&lt;!--"
comment-close = "--&gt;"
script-open = "&lt;" s c r i p t tag-end

s = %x0053 ; U+0053 LATIN CAPITAL LETTER S
s =/ %x0073 ; U+0073 LATIN SMALL LETTER S
... // this is a new script block
</mark>&lt;/script&gt;</pre>

<p>It is possible for these sequences to naturally occur in script expressions, as in the
following examples:</p>

<pre>if (x&lt;!--y) { ... }
if ( player&lt;script ) { ... }</pre>

<p>In such cases the characters cannot be escaped, but the expressions can be rewritten so that
the sequences don't occur, as in:</p>

<pre>if (x &lt; !--y) { ... }
if (!--y &gt; x) { ... }
if (!(--y) &gt; x) { ... }
if (player &lt; script) { ... }
if (script &gt; player) { ... }</pre>

<p>Doing this also avoids a different pitfall as well: for related historical reasons, the string
"&lt;!--" in JavaScript is actually treated as a line comment start, just like "//".</p>

</div>


47 source

<h5><dfn data-x="script content restrictions">Restrictions for contents of <code>script</code> elements</dfn></h5>

<!--CLEANUP-->
<p class="note">The easiest and safest way to avoid the rather strange restrictions described in
this section is to always escape "<code data-x="">&lt;!--</code>" as "<code
data-x="">&lt;\!--</code>", "<code data-x="">&lt;script</code>" as "<code
data-x="">&lt;\script</code>", and "<code data-x="">&lt;/script</code>" as "<code
data-x="">&lt;\/script</code>" when these sequences appear in scripts (e.g. in strings or in
comments). Doing so avoids the pitfalls that the restrictions in this section are prone to
data-x="">&lt;\/script</code>" when these sequences appear in literals in scripts (e.g. in strings, regular expressions, or
comments), and to avoid writing code that uses such constructs in expressions. Doing so avoids the pitfalls that the restrictions in this section are prone to
triggering: namely, that, for historical reasons, parsing of <code>script</code> blocks in HTML is
a strange and exotic practice that acts unintuitively in the face of these strings.</p>
a strange and exotic practice that acts unintuitively in the face of these sequences.</p>

<p>The <code>textContent</code> of a <code>script</code> element must match the <code
data-x="">script</code> production in the following ABNF, the character set for which is Unicode.
<a href="#refsABNF">[ABNF]</a></p>

<pre>script = data1 *( "&lt;!--" data2 *( script-start data3 script-end data2 ) "-->" data1 )

data1 = &lt; any string that doesn't contain a substring that matches not-data1 >
not-data1 = <!-- script-end / -->"&lt;!--" <!-- the script-end is redundant here since it would close the element -->

data2 = &lt; any string that doesn't contain a substring that matches not-data2 >
not-data2 = <!-- script-end / -->script-start / "-->" <!-- the script-end is redundant here since it would close the element -->
<pre>script = outer *( comment-open inner comment-close outer )

data3 = &lt; any string that doesn't contain a substring that matches not-data3 >
not-data3 = script-end / "-->"
outer = &lt; any string that doesn't contain a substring that matches not-in-outer >
not-in-outer = comment-open
inner = &lt; any string that doesn't contain a substring that matches not-in-inner >
not-in-inner = comment-close / script-open

script-start = lt s c r i p t tag-end
script-end = lt slash s c r i p t tag-end

lt = %x003C ; U+003C LESS-THAN SIGN character (&lt;)
slash = %x002F ; U+002F SOLIDUS character (/)
comment-open = "&lt;!--"
comment-close = "-->"
script-open = "&lt;" s c r i p t tag-end

s = %x0053 ; U+0053 LATIN CAPITAL LETTER S
s =/ %x0073 ; U+0073 LATIN SMALL LETTER S
... // this is a new script block
</mark>&lt;/script></pre>

<p>It is possible for these sequences to naturally occur in script expressions, as in the
following examples:</p>

<pre>if (x&lt;!--y) { ... }
if ( player&lt;script ) { ... }</pre>

<p>In such cases the characters cannot be escaped, but the expressions can be rewritten so that
the sequences don't occur, as in:</p>

<pre>if (x &lt; !--y) { ... }
if (!--y > x) { ... }
if (!(--y) > x) { ... }
if (player &lt; script) { ... }
if (script > player) { ... }</pre>

<p>Doing this also avoids a different pitfall as well: for related historical reasons, the string
"&lt;!--" in JavaScript is actually treated as a line comment start, just like "//".</p>

</div>


0 comments on commit af79e9f

Please sign in to comment.
You can’t perform that action at this time.