On Mar 22, 2010, at 5:14 PM, Ian Hickson wrote: > On Thu, 18 Mar 2010, Philip Taylor wrote: >> Anne van Kesteren wrote: >>> On Thu, 18 Mar 2010 11:26:48 +0100, Julian Reschke <julian.reschke@gmx.de >>> > >>> wrote: >>>> Replace the last sentence by: >>>> >>>> "Note: Due to restrictions of the XML syntax, in XML the U+003C >>>> LESS-THAN >>>> SIGN (<) needs be escaped as well." >>> >>> That seems incomplete. The sequence ]]> comes to mind. >> >> That's not an issue in attribute values, as far as I'm aware. >> >> But in attribute values, U+000D and U+000A and U+0009 must be >> escaped too. >> (Depending on DTD you might also need to escape any leading or >> trailing U+0020 >> and at least one of any adjacent pair of U+0020s, I think.) > > This discussion is exactly the reason why including this in the spec > is a > bad idea. Julian & Philip, how confident are you that the full set of characters that need escaping is U+003C, U+000D, U+000A, U+0009 and U+0020? Does & need to be escaped? Speaking in my non-chairing capacity, I think it is better to have correct advice than no advice, but worse to have incorrect advice than no advice. Is there anything we can do to review what characters may be special in an attribute value? Regards, Maciej
Received on Wednesday, 24 March 2010 03:46:31 UTC