HTMLParser chokes on bad end tag in comment

R

Rene Pijlman

The code below results in an exception (Python 2.4.2):

HTMLParser.HTMLParseError: bad end tag: "</foo' + 'bar>", at line 4,
column 6

Should it? The end tag it chokes on is in comment, isn't it?

import HTMLParser
HTMLParser.HTMLParser().feed("""
<html><head><title></title></head><body><script>
<!--
x = '</foo' + 'bar>'
// -->
</script></body></html>
""")
 
F

Fredrik Lundh

Rene said:
The code below results in an exception (Python 2.4.2):

HTMLParser.HTMLParseError: bad end tag: "</foo' + 'bar>", at line 4,
column 6

Should it? The end tag it chokes on is in comment, isn't it?

no. STYLE and SCRIPT elements contain character data, not parsed
character data, so comments are treated as characters, and the first
"</" ends the element.

if you have broken documents, you can tweak this by setting the
CDATA_CONTENT_ELEMENTS parser attribute before you start parsing.

</F>
 
R

Rene Pijlman

Fredrik Lundh:
Rene Pijlman:
[end tag in html comment in script element]
The end tag it chokes on is in comment, isn't it?

no. STYLE and SCRIPT elements contain character data, not parsed
character data, so comments are treated as characters, and the first
"</" ends the element.

Ah, I see. I'll report the problem to the application that's generating
this broken code (vBulletin forum)...
if you have broken documents, you can tweak this by setting the
CDATA_CONTENT_ELEMENTS parser attribute before you start parsing.

.... and in the mean time that's a good workaround.

Thank you very much Fredrik.
 
E

Edward Elliott

Fredrik said:
no. STYLE and SCRIPT elements contain character data, not parsed
character data, so comments are treated as characters, and the first
"</" ends the element.

Rather than take your word for it, I checked the W3C HTML4 DTD and found
this:

http://www.w3.org/TR/html4/appendix/notes.html#notes-specifying-data

Element content

When script or style data is the content of an element (SCRIPT and STYLE),
the data begins immediately after the element start tag and ends at the
first ETAGO ("</") delimiter followed by a name start character ([a-zA-Z]);
note that this may not be the element's end tag. Authors should therefore
escape "</" within the content. Escape mechanisms are specific to each
scripting or style sheet language.

ILLEGAL EXAMPLE:
The following script data incorrectly contains a "</" sequence (as part of
"</EM>") before the SCRIPT end tag:

<SCRIPT type="text/javascript">
document.write ("<EM>This won't work</EM>")
</SCRIPT>

In JavaScript, this code can be expressed legally by hiding the ETAGO
delimiter before an SGML name start character:

<SCRIPT type="text/javascript">
document.write ("<EM>This will work<\/EM>")
</SCRIPT>


Guess you learn something new every day. Too bad there's so much illegal
code in the wild. :(
 
F

Fredrik Lundh

Edward said:
Guess you learn something new every day. Too bad there's so much illegal
code in the wild. :(

if more people learned something new every day, the wild would look a
lot different.

</F>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top