Jump to navigation Jump to search
- Must not rewind and reparse with different rules.
- It should be possible to have the string <!-- in xmp without having the rest of the page eaten up into xmp element.
- It should be possible to have <!-- near the start of a script or style element without having a matching --> and still the trailing part of the page shouldn't get eaten up into the script or style element.
- Pages authored naively for HTML5-parsing-enabled UAs shouldn't be XSS risks in legacy UAs.
- When the author uses comment-like syntax in the fallback markup in iframe, noembed or noframes, the comment-like syntax should span the same character run that it would if it were parsed as markup.
Nice to Have Requirements
- It would be nice for the rest of the page not to get eaten up when the author omits </title> accidentally or mistypes it as <title>.
- Remove <!-- ... --> escapes from title, textarea and xmp.
- Make the closing condition for <!-- ... --> in iframe, noembed and noframes match the comment closing conditions exactly.
- Remove <!-- ... --> escapes from script and style and introduce a novel string literal detector heuristic.
String Literal Detector Heuristic