RE: Validator fails on PHP instructions inside attribute values from Richard Ishida on 2010-07-19 (www-validator@w3.org from July 2010)

From: Richard Ishida <ishida@w3.org>
Date: Mon, 19 Jul 2010 14:16:53 +0100
To: "'David Dorward'" <david@dorward.me.uk>
Cc: <www-validator@w3.org>
Message-ID: <006001cb2744$a80dd7d0$f8298770$@org>

Perhaps I should have been clearer.  Let me restate the problem:

The processing instructions that demarcate PHP instructions in HTML code
appear to normally be ignored during validation with the HTML Validator,
which is very useful if you have written your code suitably, because it
allows you to check that the HTML code itself is valid before generating the
final page using PHP.  

However, the PHP instructions that are contained within attribute values
don't appear to be recognised as such, and give rise to validation errors,
whereas I would expect that the text between <? and ?> simply be ignored, as
it is elsewhere.

This is currently causing a problem when translators translate the content
of my pages.  I'd like the translator to validate the content themselves
before returning it for integration and upload to the site.  The pages
contains lots of PHP instructions, but none of them cause a validation
problem other than these instances where the PHP code is inside the
attribute value.  I would like these instances to be treated consistently
with other instances of PHP instructions so that the validator provides a
green banner to indicate successful validation.

RI

============
Richard Ishida
Internationalization Lead
W3C (World Wide Web Consortium)

http://www.w3.org/International/
http://rishida.net/

> -----Original Message-----
> From: David Dorward [mailto:dorward@gmail.com] On Behalf Of David
> Dorward
> Sent: 19 July 2010 13:28
> To: Richard Ishida
> Cc: www-validator@w3.org
> Subject: Re: Validator fails on PHP instructions inside attribute values
> 
> 
> On 19 Jul 2010, at 13:17, Richard Ishida wrote:
> 
> > What follows is the output of a validation session.  The validator seems
to
> cope fine with php PIs other than inside attribute values.  Please
recognise
> these as PIs and allow the file to be validated.
> 
> The markup validator validates markup, not PHP source code that generates
> markup.
> 
> Run the software you have written and validate the output.
> 
> Trying to deal with the PHP code would be, for the simplest cases,
impractical
> and vulnerable to false positives and negatives. For more complex cases it
> would be a security hazard.
> 
> --
> David Dorward
> http://dorward.me.uk
> 
> 
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.839 / Virus Database: 271.1.1/3010 - Release Date: 07/18/10
> 19:35:00

Received on Monday, 19 July 2010 13:17:23 UTC