I know, there is a similar question available - however, this was 3 years ago, and the comment about text/tcl
didn't seem to catch up in the discussion.
Do you know which version is to prefer when implementing client side templates:
<script type="text/template">
or <script type="text/tcl">
or even <template>
?
- I heard that some security software may filter out certain
<script>
tags which do not match a common standard, sotext/template
could probably be filtered out by some proxy or antivirus software due to security reasons? - Is there any disadvantage in using
text/tcl
? - Is it save to use
<template>
when creating the element first withdocument.createElement("template")
for older browsers (IE)?
Thank you very much for your help in advance.
I've not heard of security software attacking specific
type
s of<script>
; all my experience has been with "security" software that mangled any<script>
they saw. Some research doesn't turn anything further up, but they may have targeted things like VBScript during the bad old IE6-COM exploit days.text/tcl
means the Tcl language, an old W3C choice for a web scripting language that wasn't JavaScript. (There is a long story behind this which explains things like why the DOM is so terrible.)Work was done on implementing it, but I cannot find any browser that accomplished this. There is a Tcl browser plugin, but its demos use
application/x-tcl
, so probably nothing will happen even for that one guy running a decade-old browser with inadvisable plugin choices.The only effect other than the browser ignoring it I do know is that old Internet Explorer does a registry lookup for handlers of unknown
type
values on<script>
. (This came up during HTML5's new<script type="module">
, but I can't dig up the right mailing list/GitHub issue/chat log/wherever the WHATWG discovered that.) They decided it was ignorable (with the Edge team's blessing).It's relatively safe, but beware that markup inside the shivved
<template>
will still execute;src
attributes will load (even if they're empty),<script>
s will run,<style>
s will style, etc.