On Mon, 11 Oct 2004, Jens Brueckmann wrote:
> > For external style sheets, the issue does not exist. No HTML markup
> > whatsoever is recognized there.
> I regret to say that exactly the same issue I described for an HTML 4.01
> Strict document applies to XHTML 1.1 documents (having content type
> application/xhtml+xml) and both for embedded and external style-sheets.
No reason to regret saying the truth, even when it's unpleasant, as it is.
I stand corrected.
It seems that Opera's CSS parsing, or postprocessing, of generated
content, is fundamentally flawed. Opera uses some HTML parsing, including
recognition of character references and entity references, even for
external style sheets.
So any potentially unsafe characters (unsafe either because of the
possibility of CDATA parsing or the possibility of #PCDATA parsing)
in generated content should be written using backslash escapes.
This should be safe, since any browser that is clever enough to support
generated content can be expected to know those escapes as well,
and a backslash has no special significance in HTML, so even mistakenly
applying HTML rules would not affect the backslash escapes.
Jukka "Yucca" Korpela, http://www.cs.tut.fi/~jkorpela/
List wiki/FAQ -- http://css-discuss.incutio.com/
Supported by evolt.org -- http://www.evolt.org/help_support_evolt/