[c] (2) Another attempt at redefining <script> content rules to make …

…zcorpan happy Fixing https://www.w3.org/Bugs/Public/show_bug.cgi?id=23590 Affected topics: HTML git-svn-id: http://svn.whatwg.org/webapps@8313 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Nov 25, 2013 · af79e9f · af79e9f
1 parent a331771
commit af79e9f
Show file tree

Hide file tree

Showing 3 changed files with 92 additions and 53 deletions.
diff --git a/complete.html b/complete.html
@@ -298,7 +298,7 @@
 
   <header class=head id=head><p><a href=http://www.whatwg.org/ class=logo><img width=101 src=/images/logo alt=WHATWG height=101></a></p>
    <hgroup><h1 class=allcaps>HTML</h1>
-    <h2 class="no-num no-toc">Living Standard &mdash; Last Updated 22 November 2013</h2>
+    <h2 class="no-num no-toc">Living Standard &mdash; Last Updated 25 November 2013</h2>
    </hgroup><dl><dt><strong>Web developer edition:</strong></dt>
     <dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
     <dt>Multiple-page version:</dt>
@@ -52162,31 +52162,26 @@ <h5 id=scriptingLanguages><span class=secno>4.12.1.1 </span>Scripting languages<
 
   <h5 id=restrictions-for-contents-of-script-elements><span class=secno>4.12.1.2 </span><dfn title="script content restrictions">Restrictions for contents of <code>script</code> elements</dfn></h5>
 
+<!--CLEANUP-->
   <p class=note>The easiest and safest way to avoid the rather strange restrictions described in
-  this section is to always escape "<code title="">&lt;!--</code>" as "<code title="">&lt;\!--</code>", "<code title="">&lt;script</code>" as "<code title="">&lt;\script</code>", and "<code title="">&lt;/script</code>" as "<code title="">&lt;\/script</code>" when these sequences appear in scripts (e.g. in strings or in
-  comments). Doing so avoids the pitfalls that the restrictions in this section are prone to
+  this section is to always escape "<code title="">&lt;!--</code>" as "<code title="">&lt;\!--</code>", "<code title="">&lt;script</code>" as "<code title="">&lt;\script</code>", and "<code title="">&lt;/script</code>" as "<code title="">&lt;\/script</code>" when these sequences appear in literals in scripts (e.g. in strings, regular expressions, or
+  comments), and to avoid writing code that uses such constructs in expressions. Doing so avoids the pitfalls that the restrictions in this section are prone to
   triggering: namely, that, for historical reasons, parsing of <code><a href=#the-script-element>script</a></code> blocks in HTML is
-  a strange and exotic practice that acts unintuitively in the face of these strings.</p>
+  a strange and exotic practice that acts unintuitively in the face of these sequences.</p>
 
   <p>The <code><a href=#textcontent>textContent</a></code> of a <code><a href=#the-script-element>script</a></code> element must match the <code title="">script</code> production in the following ABNF, the character set for which is Unicode.
   <a href=#refsABNF>[ABNF]</a></p>
 
-  <pre>script        = data1 *( "&lt;!--" data2 *( script-start data3 script-end data2 ) "--&gt;" data1 )
-
-data1         = &lt; any string that doesn't contain a substring that matches not-data1 &gt;
-not-data1     = <!-- script-end / -->"&lt;!--"             <!-- the script-end is redundant here since it would close the element -->
-
-data2         = &lt; any string that doesn't contain a substring that matches not-data2 &gt;
-not-data2     = <!-- script-end / -->script-start / "--&gt;"  <!-- the script-end is redundant here since it would close the element -->
+  <pre>script        = outer *( comment-open inner comment-close outer )
 
-data3         = &lt; any string that doesn't contain a substring that matches not-data3 &gt;
-not-data3     = script-end / "--&gt;"
+outer         = &lt; any string that doesn't contain a substring that matches not-in-outer &gt;
+not-in-outer  = comment-open
+inner         = &lt; any string that doesn't contain a substring that matches not-in-inner &gt;
+not-in-inner  = comment-close / script-open
 
-script-start  = lt       s c r i p t tag-end
-script-end    = lt slash s c r i p t tag-end
-
-lt            =  %x003C ; U+003C LESS-THAN SIGN character (&lt;)
-slash         =  %x002F ; U+002F SOLIDUS character (/)
+comment-open  = "&lt;!--"
+comment-close = "--&gt;"
+script-open   = "&lt;" s c r i p t tag-end
 
 s             =  %x0053 ; U+0053 LATIN CAPITAL LETTER S
 s             =/ %x0073 ; U+0073 LATIN SMALL LETTER S
@@ -52258,6 +52253,24 @@ <h5 id=restrictions-for-contents-of-script-elements><span class=secno>4.12.1.2 <
  ... // this is a new script block
 </mark>&lt;/script&gt;</pre>
 
+   <p>It is possible for these sequences to naturally occur in script expressions, as in the
+   following examples:</p>
+
+   <pre>if (x&lt;!--y) { ... }
+if ( player&lt;script ) { ... }</pre>
+
+   <p>In such cases the characters cannot be escaped, but the expressions can be rewritten so that
+   the sequences don't occur, as in:</p>
+
+   <pre>if (x &lt; !--y) { ... }
+if (!--y &gt; x) { ... }
+if (!(--y) &gt; x) { ... }
+if (player &lt; script) { ... }
+if (script &gt; player) { ... }</pre>
+
+   <p>Doing this also avoids a different pitfall as well: for related historical reasons, the string
+   "&lt;!--" in JavaScript is actually treated as a line comment start, just like "//".</p>
+
   </div>
 
 

diff --git a/index b/index
@@ -298,7 +298,7 @@
 
   <header class=head id=head><p><a href=http://www.whatwg.org/ class=logo><img width=101 src=/images/logo alt=WHATWG height=101></a></p>
    <hgroup><h1 class=allcaps>HTML</h1>
-    <h2 class="no-num no-toc">Living Standard &mdash; Last Updated 22 November 2013</h2>
+    <h2 class="no-num no-toc">Living Standard &mdash; Last Updated 25 November 2013</h2>
    </hgroup><dl><dt><strong>Web developer edition:</strong></dt>
     <dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
     <dt>Multiple-page version:</dt>
@@ -52162,31 +52162,26 @@ o............A....e
 
   <h5 id=restrictions-for-contents-of-script-elements><span class=secno>4.12.1.2 </span><dfn title="script content restrictions">Restrictions for contents of <code>script</code> elements</dfn></h5>
 
+<!--CLEANUP-->
   <p class=note>The easiest and safest way to avoid the rather strange restrictions described in
-  this section is to always escape "<code title="">&lt;!--</code>" as "<code title="">&lt;\!--</code>", "<code title="">&lt;script</code>" as "<code title="">&lt;\script</code>", and "<code title="">&lt;/script</code>" as "<code title="">&lt;\/script</code>" when these sequences appear in scripts (e.g. in strings or in
-  comments). Doing so avoids the pitfalls that the restrictions in this section are prone to
+  this section is to always escape "<code title="">&lt;!--</code>" as "<code title="">&lt;\!--</code>", "<code title="">&lt;script</code>" as "<code title="">&lt;\script</code>", and "<code title="">&lt;/script</code>" as "<code title="">&lt;\/script</code>" when these sequences appear in literals in scripts (e.g. in strings, regular expressions, or
+  comments), and to avoid writing code that uses such constructs in expressions. Doing so avoids the pitfalls that the restrictions in this section are prone to
   triggering: namely, that, for historical reasons, parsing of <code><a href=#the-script-element>script</a></code> blocks in HTML is
-  a strange and exotic practice that acts unintuitively in the face of these strings.</p>
+  a strange and exotic practice that acts unintuitively in the face of these sequences.</p>
 
   <p>The <code><a href=#textcontent>textContent</a></code> of a <code><a href=#the-script-element>script</a></code> element must match the <code title="">script</code> production in the following ABNF, the character set for which is Unicode.
   <a href=#refsABNF>[ABNF]</a></p>
 
-  <pre>script        = data1 *( "&lt;!--" data2 *( script-start data3 script-end data2 ) "--&gt;" data1 )
-
-data1         = &lt; any string that doesn't contain a substring that matches not-data1 &gt;
-not-data1     = <!-- script-end / -->"&lt;!--"             <!-- the script-end is redundant here since it would close the element -->
-
-data2         = &lt; any string that doesn't contain a substring that matches not-data2 &gt;
-not-data2     = <!-- script-end / -->script-start / "--&gt;"  <!-- the script-end is redundant here since it would close the element -->
+  <pre>script        = outer *( comment-open inner comment-close outer )
 
-data3         = &lt; any string that doesn't contain a substring that matches not-data3 &gt;
-not-data3     = script-end / "--&gt;"
+outer         = &lt; any string that doesn't contain a substring that matches not-in-outer &gt;
+not-in-outer  = comment-open
+inner         = &lt; any string that doesn't contain a substring that matches not-in-inner &gt;
+not-in-inner  = comment-close / script-open
 
-script-start  = lt       s c r i p t tag-end
-script-end    = lt slash s c r i p t tag-end
-
-lt            =  %x003C ; U+003C LESS-THAN SIGN character (&lt;)
-slash         =  %x002F ; U+002F SOLIDUS character (/)
+comment-open  = "&lt;!--"
+comment-close = "--&gt;"
+script-open   = "&lt;" s c r i p t tag-end
 
 s             =  %x0053 ; U+0053 LATIN CAPITAL LETTER S
 s             =/ %x0073 ; U+0073 LATIN SMALL LETTER S
@@ -52258,6 +52253,24 @@ console.log(example);</pre>
  ... // this is a new script block
 </mark>&lt;/script&gt;</pre>
 
+   <p>It is possible for these sequences to naturally occur in script expressions, as in the
+   following examples:</p>
+
+   <pre>if (x&lt;!--y) { ... }
+if ( player&lt;script ) { ... }</pre>
+
+   <p>In such cases the characters cannot be escaped, but the expressions can be rewritten so that
+   the sequences don't occur, as in:</p>
+
+   <pre>if (x &lt; !--y) { ... }
+if (!--y &gt; x) { ... }
+if (!(--y) &gt; x) { ... }
+if (player &lt; script) { ... }
+if (script &gt; player) { ... }</pre>
+
+   <p>Doing this also avoids a different pitfall as well: for related historical reasons, the string
+   "&lt;!--" in JavaScript is actually treated as a line comment start, just like "//".</p>
+
   </div>
 
 

diff --git a/source b/source
@@ -57632,35 +57632,30 @@ o............A....e
 
   <h5><dfn data-x="script content restrictions">Restrictions for contents of <code>script</code> elements</dfn></h5>
 
+<!--CLEANUP-->
   <p class="note">The easiest and safest way to avoid the rather strange restrictions described in
   this section is to always escape "<code data-x="">&lt;!--</code>" as "<code
   data-x="">&lt;\!--</code>", "<code data-x="">&lt;script</code>" as "<code
   data-x="">&lt;\script</code>", and "<code data-x="">&lt;/script</code>" as "<code
-  data-x="">&lt;\/script</code>" when these sequences appear in scripts (e.g. in strings or in
-  comments). Doing so avoids the pitfalls that the restrictions in this section are prone to
+  data-x="">&lt;\/script</code>" when these sequences appear in literals in scripts (e.g. in strings, regular expressions, or
+  comments), and to avoid writing code that uses such constructs in expressions. Doing so avoids the pitfalls that the restrictions in this section are prone to
   triggering: namely, that, for historical reasons, parsing of <code>script</code> blocks in HTML is
-  a strange and exotic practice that acts unintuitively in the face of these strings.</p>
+  a strange and exotic practice that acts unintuitively in the face of these sequences.</p>
 
   <p>The <code>textContent</code> of a <code>script</code> element must match the <code
   data-x="">script</code> production in the following ABNF, the character set for which is Unicode.
   <a href="#refsABNF">[ABNF]</a></p>
 
-  <pre>script        = data1 *( "&lt;!--" data2 *( script-start data3 script-end data2 ) "-->" data1 )
-
-data1         = &lt; any string that doesn't contain a substring that matches not-data1 >
-not-data1     = <!-- script-end / -->"&lt;!--"             <!-- the script-end is redundant here since it would close the element -->
-
-data2         = &lt; any string that doesn't contain a substring that matches not-data2 >
-not-data2     = <!-- script-end / -->script-start / "-->"  <!-- the script-end is redundant here since it would close the element -->
+  <pre>script        = outer *( comment-open inner comment-close outer )
 
-data3         = &lt; any string that doesn't contain a substring that matches not-data3 >
-not-data3     = script-end / "-->"
+outer         = &lt; any string that doesn't contain a substring that matches not-in-outer >
+not-in-outer  = comment-open
+inner         = &lt; any string that doesn't contain a substring that matches not-in-inner >
+not-in-inner  = comment-close / script-open
 
-script-start  = lt       s c r i p t tag-end
-script-end    = lt slash s c r i p t tag-end
-
-lt            =  %x003C ; U+003C LESS-THAN SIGN character (&lt;)
-slash         =  %x002F ; U+002F SOLIDUS character (/)
+comment-open  = "&lt;!--"
+comment-close = "-->"
+script-open   = "&lt;" s c r i p t tag-end
 
 s             =  %x0053 ; U+0053 LATIN CAPITAL LETTER S
 s             =/ %x0073 ; U+0073 LATIN SMALL LETTER S
@@ -57733,6 +57728,24 @@ console.log(example);</pre>
  ... // this is a new script block
 </mark>&lt;/script></pre>
 
+   <p>It is possible for these sequences to naturally occur in script expressions, as in the
+   following examples:</p>
+
+   <pre>if (x&lt;!--y) { ... }
+if ( player&lt;script ) { ... }</pre>
+
+   <p>In such cases the characters cannot be escaped, but the expressions can be rewritten so that
+   the sequences don't occur, as in:</p>
+
+   <pre>if (x &lt; !--y) { ... }
+if (!--y > x) { ... }
+if (!(--y) > x) { ... }
+if (player &lt; script) { ... }
+if (script > player) { ... }</pre>
+
+   <p>Doing this also avoids a different pitfall as well: for related historical reasons, the string
+   "&lt;!--" in JavaScript is actually treated as a line comment start, just like "//".</p>
+
   </div>