21

I've seen this on every Yahoo! news page, at the bottom of the source code,
and failed to understand why they break the script word like that.

Does anybody know if there's any reason for this?

document.write("<scr"+"ipt language=javascript src=http://l.yimg.com/d/lib/bc/bc_2.0.4.js></scr"+"ipt>");
vsync
  • 118,978
  • 58
  • 307
  • 400

6 Answers6

43

Consider this simplified example:

<script>
document.write("something </script> something");
</script>

The browser's HTML parser would see the </script> within the JavaScript string and interpret that as the end of the script element.

The HTML parser doesn't know about JavaScript syntax - all it knows is that the <script> element ends at the next </script>.

(It also knows that you can't have nested <script> elements, hence the breaking of the opening <script> as well as the closing </script> in your example.)

RichieHindle
  • 272,464
  • 47
  • 358
  • 399
  • 13
    Note: The same way behaves the colouring of the code in SO. Notice the "something" being treated as a text content outside of the script element. – Grzegorz Oledzki Sep 24 '09 at 21:20
  • 1
    Actually, no, SCRIPT element ends at first occurrence of "", not only "". See: http://www.w3.org/TR/html4/types.html#type-cdata – kangax Sep 24 '09 at 22:53
  • 1
    Is this a workaround for old browsers or does it apply even to modern browsers? – hasen Sep 25 '09 at 00:54
  • @hasen j: It applies to modern browsers - my example goes wrong in Firefox 3.5. – RichieHindle Sep 25 '09 at 06:43
4

Suppose you are writing a tool that detects the beginning and end of script blocks in a chunk of text. Suppose you see

<blah><blahdeblah><script>

blah blah blah

blah

print("</script>")

print("<script>")

blah

</script>

</blahdeblah></blah>

Without knowing the syntax of the script language, how does your tool know that this is ONE script block and not TWO script blocks with ")blah between them?

A web browser is such a tool. It's a reasonable practice to make sure you never confuse the web browser by never having <script> or </script> in your file unless it actually is a script tag.

Eric Lippert
  • 647,829
  • 179
  • 1,238
  • 2,067
3

so that it doesn't get evaluated but gets inserted as a string.

Steve B.
  • 55,454
  • 12
  • 93
  • 132
3

It's a bad way to prevent XML/XHTML and HTML validators from yelling at the source code.

strager
  • 88,763
  • 26
  • 134
  • 176
  • 2
    So why does Google Analytics uses this method if it's bad? "document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js"... why do they even do it with document.write I don't get it. – vsync Mar 24 '10 at 08:25
0

Some browsers tend to "act" to fast when parsing a document and immediately try to execute the javascript when they find a script tag (even though it is itself in a piece of js). To avoid this they break the decalration of the tag.

Colin
  • 10,630
  • 28
  • 36
  • I didn't quite understood what you have just said, can you supply further reading on the subject please? it very very interesting. – vsync Sep 24 '09 at 21:26
  • Say you open a page with IE, that has document.write(' – Colin Sep 24 '09 at 22:01
0

For a full discussion of this, see:
   http://www.wwco.com/~wls/blog/2007/04/25/using-script-in-a-javascript-literal/

The short answer is that your code is parsed in two discrete steps.

The first one is XML. And that means that the element <SCRIPT> is looking for a </SCRIPT>. It's important to remember that XML elements are content agnostic. That means that the parser doesn't know yet that there's JavaScript in there.

Once it has the contents of the <SCRIPT> element, then it processes that chunk of text, which presumably is JavaScript.

By splitting up the tag with a string concatenate operator you prevent a constant from tripping up the XML phase.

One simple solution is to put &lt; and &gt; in the Javascript text.

Umbrella
  • 4,733
  • 2
  • 22
  • 31
Walt Stoneburner
  • 2,562
  • 4
  • 24
  • 37
  • 2
    All good, except that it's parsed as HTML (that is, SGML), not XML. HTML has very specific wording for ``. Hence why this JS trick works. XML, on the other hand, would just barf on the first `<` inside, unless you use CDATA (and if you do use CDATA, then you do not need JS trick). – Pavel Minaev Sep 24 '09 at 22:49