Any comments on this? I would like to commit this to break the currently
broken trunk
On Mon, Apr 13, 2009 at 11:30 AM, Chris Chabot <chab...@google.com> wrote:
> Hey All,
>
> php-shindig's new gadget parser, which uses a dom parser, gets confused
> when assigning a node value that contains a /* comment including a
> >script< */ .. as in it translates it back to <script>foo</script<,
> which then causes the browser to trip because of the unterminated script tag
> (odd btw that it doesn't translate the last < but that's irrelevant to
> the proposed solution)
>
> Would it be ok to remove that comment from core/prefs.js ? The patch would
> be:
>
> Index: src/main/javascript/features/core/prefs.js
> ===================================================================
> --- src/main/javascript/features/core/prefs.js (revision 764189)
> +++ src/main/javascript/features/core/prefs.js (working copy)
> @@ -28,16 +28,6 @@
> * var prefs = new gadgets.Prefs();
> * var name = prefs.getString("name");
> * var lang = prefs.getLang();
> - *
> - * Modules with type=url can also use this library to parse arguments
> passed
> - * by URL, but this is not the common case:
> - *
> - * <script src="http://apache.org/shindig/prefs.js
> "></script>
> - * <script>
> - * gadgets.Prefs.parseUrl();
> - * var prefs = new gadgets.Prefs();
> - * var name = prefs.getString("name");
> - * </script≶
> */
>
>
> We've had trouble with url's and script tags in comments before (as in
> hundreds of thousands of 404's a day on apache's servers due to them), and
> now this issue with the xml parser i'm using, possibly it would be safer not
> to include any form of script tags in the comments? :) (this is the only
> occurrence of a script tag left in the features).
>
> Would like to have a second opinion before committing this 'patch'.
>
> -- Chris
>
