User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826 A textarea containing an HTML comment will render it as plaintext (you will see the actual tag). However a mal-formed comment tag, where the comment is open but never closed will be interpreted as the beginning of a comment block, and never terminating, resulting in not rendering any content following the textarea. This is obviously a huge problem for dynamic sites where users can enter text to be rendered in the textarea. I was under the impression that the only html recognized in a textarea is a closing </TEXTAREA> tag. This is supported by the fact that fully formed comments are displayed inside of a textarea, and not suppressed. See the testcase URL and compare Moz behavior to IE. Reproducible: Always Steps to Reproduce: 1. 2. 3.
well... character entities are also allowed inside a textarea. So its contents _do_ need to be parsed as HTML. It's not clear to me from the HTML spec whether comments are allowed inside textareas, but you should be escaping '<' in any case (what's the prevent a user from typing '</textarea>'?
Assignee: jkeiser → harishd
Component: HTML Form Controls → Parser
QA Contact: tpreston → moied
lev: The behavior you describe is closer to that of an element with CDATA declared content, which <textarea> is not. If "<!-- comment -->" displays in a textarea, that's a bug; it should be escaped as "<!-- comment -->", markup recognition in textareas being normal...
Yes, this is invalid. Convert the "<" to "<" in the textarea and you'll be fine.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.