admin管理员组文章数量:1341878
I have an app that can generate all sorts of things into the JavaScript strings put on the page. I thought all the escaping were ok, but then I came across a weird problem that I couldn't really find a reason for:
Shouldn't this be legal in an html page:
<script type="text/javascript">
alert("hello </script>");
</script>
'Legal' meaning that it would produce an alert with hello </script>.
Apparently both moz and chrome, on my box at least, cuts the scripting off after the </script> part of the alert string, producing no alert and a messy output. Has anyone run into this, is this a browser bug?
I have an app that can generate all sorts of things into the JavaScript strings put on the page. I thought all the escaping were ok, but then I came across a weird problem that I couldn't really find a reason for:
Shouldn't this be legal in an html page:
<script type="text/javascript">
alert("hello </script>");
</script>
'Legal' meaning that it would produce an alert with hello </script>.
Apparently both moz and chrome, on my box at least, cuts the scripting off after the </script> part of the alert string, producing no alert and a messy output. Has anyone run into this, is this a browser bug?
-
2
Put a slash
alert("hello <\/script>");– Mr. Alien Commented Mar 18, 2014 at 19:13 - Take a look at this great post where is good explanation stackoverflow./questions/66837/… – Jaroslav Kubacek Commented Mar 18, 2014 at 19:34
- possible duplicate of Is it necessary to "escape" character "<" and ">" for javascript string? – user1596138 Commented Mar 18, 2014 at 19:47
3 Answers
Reset to default 10The HTML parses it as:
<script type="text/javascript">
alert("hello
</script>
");
</script>
With the first occurrence of </script> closing the open <script> element. The mon way of avoiding this issue is by including a \ before the / character in the string:
<script type="text/javascript">
alert("hello <\/script>");
</script>
This works because the \ escape character will prevent the browser from recognizing <\/script> as an end tag. Normally \ is used as an escape sequence in JavaScript strings, but as there's no \/ sequence, the escape character is ignored and the string evaluates as '</script'>.
This issue can generally be avoided if you follow the good practice of keeping all of your javascript in external .js files. That said, it's mon to see this sort of escaping used for local script fallbacks for unresponsive CDNs.
<script type="text/javascript">
alert('hello <'+'/script>');
</script>
<script type="text/javascript">
alert('hello <\/script>');
</script>
You should do like
<script type="text/javascript">
// <![CDATA[
alert('hello </script>');
// ]]>
</script>
To prevent the parsing.
本文标签: htmlltscriptgt within a JavaScript string in a ltscriptgt tagStack Overflow
版权声明:本文标题:html - <script> within a JavaScript string in a <script> tag - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1743685366a2521807.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论