Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-18395

CDATA wrapper should be used in inline css / js code in .tpl



      For memory, eZ uses XHTML 1.0 transitional as DOCTYPE (at least for ezwebin, I guess it's the same doctype for ezflow or standard)

      As a result, all css or js code should be wrapped with <![CDATA[ .... ]]>, in order to be sure to validate according to http://validator.w3.org, whatever the css or js code contains

      Good point, ezjscore (in its latest version) wraps inline js code with cdata

      In fact the symbol < and & will make the page NOT validate if not wrapped with CDATA, which may occur often.

      For a test, you can try with the following code:

      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-GB" lang="en-GB">
          <script type="text/javascript">
              if (1 && 2) {
          <style type="text/css">
          /* <![CDATA[ */
              .foo < ee {
          /* ]]> */

      And if you delete at least one CDATA, the page won't validate anymore.

      => Maybe you could consider scanning the .tpl files, looking for css/js inline code, and wrap the content with cdata ?

      I can see sometimes (but not all the time) javascript code wrapped with <!-- .... //--> which make the code validate, but the same logic should be used everywhere (cdata...)

      In attachment a quick scan.php that highlights files that contain js/css code not wrapped.
      You can change the define at the start of the file to accept <!-- ... //--> as valid js wrapper, but CDATA should really be used instead...

      1. scan.php
        2 kB
        Jerome Despatis


        Jerome Despatis added a comment -
        Jerome Despatis added a comment - https://github.com/ezsystems/ezpublish/pull/150 (for ezpublish)


          • Assignee:
            Jerome Despatis
          • Votes:
            0 Vote for this issue
            0 Start watching this issue


            • Created: