Edgewall Software

Opened 18 years ago

Closed 18 years ago

Last modified 18 years ago

#24 closed defect (fixed)

<script> and <style> element content should not be escaped by HTML serializer

Reported by: cmlenz
Owned by: cmlenz
Priority: major
Milestone: 0.2
Component: Serialization
Version:
Keywords:
Cc:

Description (last modified by cmlenz)

The XHTML serializer should probably continue to escape scripts and styles… however that means that output needs to be sent as application/xhtml+xml to make scripts containing <, > or & characters work.

See also Kid ticket #99.

Change History (5)

comment:1 Changed 18 years ago by cmlenz

  • Component changed from Parsing to Serialization
  • Description modified (diff)
  • Summary changed from Handling of CDATA to <script> and <style> element content should not be escaped by HTML serializer

Actually, this isn't about CDATA, but about escaping the contents of <script> and <style> elements.

Not sure whether trying to pass through CDATA sections as such makes sense.

comment:2 Changed 18 years ago by arnarbi at gmail

Unfortunately, using "application/xhtml+xml" is currently incompatible with IE.

At the least the option of either not escaping inside script/style tags or including CDATA sections as-is (with the CDATA markers) would be nice.

comment:3 Changed 18 years ago by cmlenz

Passing CDATA sections through doesn't work either when serving as text/html.

What would be needed is something like:

<script type="text/javascript">/*<![CDATA[*/
  var x = 1 < 2;
/*]]>*/</script>

And that's ignoring pre-HTML4 user agents (which would display the contents of the <script> or <style> elements in this case). That can be worked around (see http://www.hixie.ch/advocacy/xhtml), but I don't particularly care about those browsers myself.

comment:4 Changed 18 years ago by cmlenz

It just occurred to me that if we passed CDATA sections through and properly serialized them, you could just do the above trick in your template.

comment:5 Changed 18 years ago by cmlenz

  • Resolution set to fixed
  • Status changed from new to closed

The fix for HTML output (not escaping) was implemented in [181], the fix for XHTML output (passing through CDATA markers) was implemented in [184].
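
The three output behaviours discussed in this ticket, side by side, as an added example that is not part of the ticket and not the project's own code. The `serialize` helper and its `method` names are hypothetical, and the two guard checks are an assumption about what a caller wants once content is emitted unescaped.

```python
from html import escape

# Elements whose content a text/html parser reads as raw text (no entity decoding).
RAW_TEXT = {"script", "style"}

def serialize(tag, text, method="html", attrs=""):
    """Serialize one element with text content (hypothetical helper).

    method 'html'        -> <script>/<style> content emitted unescaped
    method 'xhtml'       -> content entity-escaped; scripts using <, > or &
                            then only work when served as application/xhtml+xml
    method 'xhtml-cdata' -> comment-guarded CDATA markers, as in comment:3
    """
    name = tag.lower()
    if name not in RAW_TEXT or method == "xhtml":
        body = escape(text, quote=False)
    elif method in ("html", "xhtml-cdata"):
        # Unescaped content must not contain the element's own end tag:
        # a text/html parser closes the element there, whatever the
        # surrounding JavaScript or CSS syntax says.
        if "</" + name in text.lower():
            raise ValueError("raw <%s> content contains its end tag" % name)
        if method == "xhtml-cdata":
            # "]]>" would end the CDATA section early for an XML parser.
            if "]]>" in text:
                raise ValueError("CDATA content contains ']]>'")
            body = "/*<![CDATA[*/" + text + "/*]]>*/"
        else:
            body = text
    else:
        raise ValueError("unknown method: %r" % method)
    return "<%s%s>%s</%s>" % (tag, attrs, body, tag)

if __name__ == "__main__":
    js = "\n  var x = 1 < 2;\n"  # the script body from comment:3
    for m in ("html", "xhtml", "xhtml-cdata"):
        print(m, "->", serialize("script", js, m, ' type="text/javascript"'))
    print(serialize("p", "1 < 2"))  # ordinary elements are still escaped
```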
