JSF 1.2 injecting javaScript that causes w3c Validation failure

Question

One of the goals of our project, which has a heavy DDA requirement, is to ensure that the rendered HTML is 100% compliant with xhtml 1.0 transitional grammar. Sadly, I have one error I cannot eliminate. It's because JSF is injecting the following snippet of javaScript into the page (formatted for clarity) which, because it's not wrapped in CDATA, is rejected by the w3c validator with this message:

Line 443, Column 122: character "<" is the first character of a delimiter but occurred as data

…dp;if (adp != null) {for (var i = 0;i < adp.length;i++) {f.removeChild(adp[i])…

?

This message may appear in several cases:

    You tried to include the "<" character in your page: you should escape it as "&lt;"
    You used an unescaped ampersand "&": this may be valid in some contexts, but it is recommended to use "&amp;", which is always safe.
    Another possibility is that you forgot to close quotes in a previous tag.

My question is it is possible to get JSF to either wrap the script block in CDATA or externalise the script?

<script type="text/javascript" language="Javascript">
    function dpf(f) {
        var adp = f.adp;
        if (adp != null) {
            for (var i = 0;i < adp.length;i++) {
                f.removeChild(adp[i]);
     }}};

    function apf(f, pvp) {
        var adp = new Array();
        f.adp = adp;
        var ps = pvp.split(',');
        for (var i = 0,ii = 0;i < ps.length;i++,ii++) {
            var p = document.createElement("input");p.type = "hidden";p.name = ps[i];p.value = ps[i + 1];
            f.appendChild(p);
            adp[ii] = p;i += 1;
     }};

     function jsfcljs(f, pvp, t) {
        apf(f, pvp);
        var ft = f.target;
        if (t) {
            f.target = t;
        }
        f.submit();
        f.target = ft;dpf(f);
     };
</script>

Answer 1

That's not possible without editing the JS file itself.

Extract jsf-impl.jar file, copy com/sun/faces/sunjsf.js file into the webapp project in exactly the same package structure, ie as a sunjsf.js file inside com.sun.faces package. Edit the < to < and save it. This file will get precedence over the one in the JAR file in classloading hierarchy and will thus be used instead.

Alternatively, you can also always rebuild the JAR file itself with the edited JS file.

Answer 2

try to change your script block like so

<script type="text/javascript">
//<[!CDATA[

  ...your code here

//]]>
</script>

this should make the whole script block ignored by validator parser: if your code source contains characters like the greater than (>), less than (<) you have to put it in CDATA delimiters to make it validated.