James Ellis wrote: >>> Conditional statements in HTML such as those used by IE/Windows are >>> a slippery slope and they seriously break a central tenet of >>> programming. They are contained with <!-- HTML comments --> and >>> comments in code are not meant to be parsed as code. It's just plain >>> badness. >> >> I don't follow you here. These comments *are meant to be* parsed by >> IE/Win. > > Wrong.. comments are not meant to be parsed by an interpreter. > Comments are descriptive rather than interpretive.
IMHO, the issue here is that you see C.C. as a flaw while I see them as a built-in features. AFAIK, they are *very* reliable, so I'm not really interested in what the interpreter is supposed to parse. Because parsing comments is not an exact science among interpreters anyway... Try this: <!-- <!-- --> hello world --> > Taking one step back here from the browser level here to get closer > to the programming layer would be good. The result of the use of code > in comments is being focused on here rather than how the result was > made. In programming, if we reach a result that appears to work based > on poor coding, we don't have a solution to the problem - we have a > workaround based on exploitable hacks. Mistakes building on mistakes. I do not consider CC as hacks "per se". > Forget that it's IE for a second and look at what is happening in the > programming layer. There is an interpreter that is parsing the code, > when it comes upon a comment section it blithely ignores the fact the > programmer has escaped out of the interpreted part of the script and > into the descriptive part of the script. "Oh, you didn't want me to > parse that but I'll do it anyway -- just to be sure..." where could > this end up? I don't know but I sure don't like the idea of any > interpreter parsing comments, with unexpected results. My point is that the interpreter is not guessing anything, it is built to check if there is a conditional expression passed the "--". > I agree with you both that it works in this situation, but it's based > on flawed programming principles and in doing this we've exposed the > fact that the IE interpreter parses what's in the comment, something > that's not for the interpreter to consume. Place something benign in > the comment that is then interpreted as an action to be carried out - > bang! the interpreter falls over or worse. It's a seriously flawed > method of developing applications. The method is flawed only when badly implemented. But that's true with about everything... Within regular comments include an odd number of pair of these "--" and bang! >> What happens if someone adds a comment that happens to be >>> parsed by some piece of software? the software then goes on and does >>> some unexpected things. >> >> Anything inside coments is supposed to be ignored by UAs so if >> something goes wrong it would be because of the browser and not >> because of what's inside these comments. > > Haven't you just said above that the special conditional comments are > meant to be parsed by IE/Win? I don't follow. I don't either. You're saying: "What happens if someone adds a comment that happens to be parsed by some piece of software? the software then goes on and does some unexpected things." IMO, there are only 2 possibilities: 1. The browser is not IE/Win 5+ : the comment is simply ignored 2. The browser is IE/Win 5+ : it checks for the presence of a conditional expression after the "--" I can't think of a third one where "a piece of software" would evaluate what's inside the comment, unless of course we're dealing with a flawed piece of software... >> Comments, of course, can be machine readable such as those used to >>> provide code documentation or CVS/SVN keywords, but these don't >>> actually run anything or fork the code base. >>> >>> This is a 2005 version of mid 90's browser sniffing - forking the >>> codebase to provide slighlty different content based on the client >>> in use. Better to get the browsers actually rendering things to the >>> published spec (hard, yes, but a better outcome). >> >> IMHO, this is a nice idea, but not very realistic. > > > Well, if we decide not to push the doors won't open. Let's design for modern browsers only? That type of thing? Thierry | www.TJKDesign.com ****************************************************** The discussion list for http://webstandardsgroup.org/ See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list & getting help ******************************************************
