4

Consider the following html document:

<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
alert("Hello")
</script>
</head>
</html>

The result of opening in Firefox, Safari and Chrome is the same in my macbook: an alert message displays "Hello". I was reading this answer to try to understand the behavior of the browers. The main part is:

Since the contents of tags are treated as CDATA, the contents are not parsed and you can store unquoted XML or HTML in the contents (as long as you don't ever put a </script> tag in the contents, since that will close your element).

Lets try what happens when we see the source in Firefox:

source code screenshot with </script> in the alert call

The output in the browser it shows is ") since it thinks that the script tag was closed inside alert. One way to overcome this in case we really, really want to display "</script>" is to do:

<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
alert("<"+"/script>")
</script>
</head>
</html>

Now Firefox understands it:

source code screenshot with "</" + "script>" in the alert call

Question:

It is really simple for the parser to check if </script> is the closing part. It does take more time to check this but it is doable (count the number of quotes before the encounter of </script>. If it is even then it is the closing tag, otherwise continue looking for the closing tag). The question is, is this a rule that we cannot write "</script>" inside javascript? If so, what other subtle rules are out there that I might not be aware of?

The same goes for say php parsers. <?php echo "?>" ?>. I have tested this and php seems to know where the real ?> is located.

Community
  • 1
  • 1
jmlopez
  • 4,853
  • 4
  • 40
  • 74
  • This is why it's common to put HTML comments around the contents of the ` – Barmar Sep 18 '12 at 01:58
  • 2
    `CDATA` applies for XHTML files. HTML comments around a script was to hide it from *ancient* browsers, like Netscape 3 and IE version 2. They serve *no* purpose today. – Jeremy J Starcher Sep 18 '12 at 02:00
  • 2
    The rule that you cannot put `` inside an HTML script element is defined in HTML5 here: http://dev.w3.org/html5/spec/the-script-element.html#restrictions-for-contents-of-script-elements – Alohci Sep 18 '12 at 07:49

1 Answers1

4

Correct, you cannot write "</script>" within inline Javascript, but you can write "<\/script>". In an external Javascript file, you don't have that limitation.

The Javascript engine will see "</script>" as the end of the script, regardless of the context it appears.

As long as you are using HTML and not XHTML, that is the only real gotcha.

XHTML, served as an XHTML file[1] has a few more gotchas, including -- being the beginning and end of XHTML comment.

[1] Very little XHTML stuff is actually served XHTML. It us usually served as HTML and then processed by a tag-soup parser than can make sense of everything from HTML comments embedded and even CDATA tags that don't belong.

albert
  • 8,112
  • 3
  • 47
  • 63
Jeremy J Starcher
  • 23,369
  • 6
  • 54
  • 74
  • Is there any official documentation that mentions this? – jmlopez Sep 18 '12 at 02:03
  • @jmlopez -- It is well known behavior, but I can't find official documentation. The Javascript parser starts at ``. It can't evaulate context, because it hasn't begun to parse yet. Supported by this discussion: http://stackoverflow.com/questions/236073/why-split-the-script-tag-when-writing-it-with-document-write – Jeremy J Starcher Sep 18 '12 at 02:09
  • Alohci found some documentation for HTML5: http://dev.w3.org/html5/spec/the-script-element.html#restrictions-for-contents-of-script-elements – jmlopez Sep 18 '12 at 21:08