Simetrical wrote:
I *think* the only place that literal ']]>'
would be valid in CSS is
comments and string literals. Comments don't matter,
Specially because
checkCss removes them, so no need to worry about them :)
The first way seems to be the most straightforward way
to handle it
for now. It's unlikely to come up with any reasonable frequency, and
when it does it can be worked around by authors. If the second way
actually works consistently, it would be nicer for CSS. I doubt
anything comparable would work for JavaScript, since who knows where
']]>' could occur? if( x[y[z]]>7 ) {...}
You would replace ">" by " >" here as it's an operator. But
if it's in a
string you want to replace with "+"> or '+'>
Perhaps forbidding is the easiest wayy, and make the developers struggle
around it, as they did for years with </script>