-----BEGIN PGP SIGNED MESSAGE-----
CDATA section, it seems that the XHTML standard recommends using it.
It doesn't recommend it, it just suggests it as one possibility to
ensure that markup is valid:
This is in contrast to HTML, where (at least in practice) browsers
would special-case the contents of script and style tags and might be
kind if there were unescaped content there. Using htmlspecialchars is
just as valid a way of escaping here.
HTML 4 defines the contents of those elements as CDATA in the DTD, just
like <br> and <img> are defined as having no content so there's no
ambiguity when they're being interpreted by an HTML parser.
XHTML doesn't provide for that sort of declaration, since XML requires
you to be able to parse a document without having a DTD ahead of time.
For compatibility of documents between both HTML and XHTML parsers,
XHTML 1.0 recommends using linked resources if possible -- so there's no
worry about how to escape contents -- or else using explicit
<![CDATA[...]]> sections in your <script> and <style> elements.
- -- brion vibber (brion @ wikimedia.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----