Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-18395

CDATA wrapper should be used in inline css / js code in .tpl

    Details

      Description

      For memory, eZ uses XHTML 1.0 transitional as DOCTYPE (at least for ezwebin, I guess it's the same doctype for ezflow or standard)

      As a result, all css or js code should be wrapped with <![CDATA[ .... ]]>, in order to be sure to validate according to http://validator.w3.org, whatever the css or js code contains

      Good point, ezjscore (in its latest version) wraps inline js code with cdata

      In fact the symbol < and & will make the page NOT validate if not wrapped with CDATA, which may occur often.

      For a test, you can try with the following code:

      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-GB" lang="en-GB">
      <head>
          <title>..</title>
       
          <script type="text/javascript">
          //<![CDATA[
              if (1 && 2) {
                  console.log('foo');
              }
          //]]>
          </script>
       
          <style type="text/css">
          /* <![CDATA[ */
              .foo < ee {
              }
          /* ]]> */
          </style>
       
      </head>
      <body>
      </body>
      </html>
      

      And if you delete at least one CDATA, the page won't validate anymore.

      => Maybe you could consider scanning the .tpl files, looking for css/js inline code, and wrap the content with cdata ?

      I can see sometimes (but not all the time) javascript code wrapped with <!-- .... //--> which make the code validate, but the same logic should be used everywhere (cdata...)

      In attachment a quick scan.php that highlights files that contain js/css code not wrapped.
      You can change the define at the start of the file to accept <!-- ... //--> as valid js wrapper, but CDATA should really be used instead...

      1. scan.php
        2 kB
        Jerome Despatis

        Activity

        Hide
        Jerome Despatis added a comment -
        Show
        Jerome Despatis added a comment - https://github.com/ezsystems/ezpublish/pull/150 (for ezpublish)

          People

          • Assignee:
            unknown
            Reporter:
            Jerome Despatis
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated: