23593 2013-10-22 12:05:47 +0000 New restriction for safe CDATA content in script elements: the string <script> needs to be escaped. 2013-11-02 05:33:19 +0000 1 1 1 Unclassified HTML WG HTML/XHTML Compatibility Authoring Guide (ed: Eliot Graff) unspecified PC Windows NT RESOLVED FIXED P3 normal --- 13604 1 xn--mlform-iua xn--mlform-iua eliotgra mike public-html-admin public-html-wg-issue-tracking qbolec robin xn--mlform-iua public-html-bugzilla oldest_to_newest 95088 0 xn--mlform-iua 2013-10-22 12:05:47 +0000 See comment number 1 in Bug #23587. Polyglot Markup describes ”safe CDATA content”, which is a description of the content that can be safely inserted into a script or style element provided that it is wrapped inside a CDATA declaration. Simply put, that content has to match what the parser rules for the text/html serialization. However, Jakub Łopuszański’s bug, bug #23587, shows that we also need to say something about escaping the <script> start tag, if it occurs inside a comment inside the script element - see comment number 1 of Bug #23587. 95089 1 xn--mlform-iua 2013-10-22 12:07:47 +0000 Accepted, but we need to look at the outcome of bug #23587 (and bug #23590). 95726 2 xn--mlform-iua 2013-11-02 05:33:19 +0000 EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the Editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the Tracker Issue; or you may create a Tracker Issue yourself, if you are able to do so. For more details, see this document: http://dev.w3.org/html5/decision-policy/decision-policy.html Status: Accepted Change Description: Added section on comment syntax inside the script element. Rationale: It is clearly necessary to describe how to avoid this pitfall. See the new text here: http://dev.w3.org/html5/html-polyglot/html-polyglot#CDATA-comment-syntax-in-script Check-in: http://dev.w3.org/cvsweb/html5/html-polyglot/html-polyglot.html?rev=1.6