Simetrical wrote:
I *think* the only place that literal ']]>' would be valid in CSS is comments and string literals. Comments don't matter,
Specially because checkCss removes them, so no need to worry about them :)
The first way seems to be the most straightforward way to handle it for now. It's unlikely to come up with any reasonable frequency, and when it does it can be worked around by authors. If the second way actually works consistently, it would be nicer for CSS. I doubt anything comparable would work for JavaScript, since who knows where ']]>' could occur? if( x[y[z]]>7 ) {...}
You would replace ">" by " >" here as it's an operator. But if it's in a string you want to replace with "+"> or '+'> Perhaps forbidding is the easiest wayy, and make the developers struggle around it, as they did for years with </script>