Re: XHTML Serializer block/Ajax: Bug

Thu, 15 Mar 2007 20:15:25 -0800 

I've done some investigation.
The first issue is that XHTMLSerializer encodes all double-quotes in text content as ", which is of course absolutely valid XML/XHTML. Unfortunately, when an XHTML document is served up with a text/html mime-type, as you're doing, Firefox doesn't actually parse the document with an XML parser; it instead uses the "quirky" HTML parser which doesn't handle " entities in script. I suspect MSIE behaves similarly. 


So I tried changing the mime-type to application/xhtml+xml.  The good 
news is that the " entities get parsed correctly by Firefox, so 
those errors go away.  The bad news is that apparently Dojo uses 
document.write(), which is not allowed in XHTML, so a different error is 
thrown.  Dojo would have to be fixed to be able to use this mime-type.



Then I looked into Carsten's HTMLSerializer change to see if it could be 
adopted in XHTMLSerializer as well.  Unfortunately I don't think this is 
possible as-is, because his change prevents *all* XML special character 
encoding in text content, which is fine for HTML but would create a 
non-well-formed XHTML document if the script contained a '<' or '&'.



Another option might be to wrap the contents of <script> elements within 
a CDATA section so the JS could remain unencoded but it would still 
result in well-formed XML.  I'm not sure how some browsers would handle 
the CDATA delimiters so they might have to be commented out so they're 
not mistaken for script code:


<script type="text/javascript">/*<![CDATA[*/
while(0 < 1 && true) alert("oops");
/*]]>*/</script>

Thoughts?  I think I'll try implementing this locally and see if it helps.



Andrew Madu wrote:

Hi Jörg,


    Carsten fixed something in the HTMLSerializer, but changed nothing in
    the XHTMLSerialzer:



Yes, I have seen the changes made by Carsten in HTMLSerializer:

@version CVS $Id: HTMLSerializer.java 515096 2007-03-06 12:11:29Z cziegeler

Changes to the XHTMLSerializer were made last by Crossley:

@version CVS $Id: XHTMLSerializer.java 433543 2006-08-22 06:22:54Z crossley


    I have no idea (and no time to investigate) if the XHTMLSerializer needs
    to be updated as well.



Ok. Could someone direct me to the where bugs are flagged?

--
Regards

Andrew





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to