Take the code below: it obviously fails because the </script>
tag in the string literal is not escaped.
<script>
var myquestion = "What is the tag used to mark the end of a Javascript section?";
var myanswer = "It's </script>!";
alert(myanswer.length);
function someMoreCode() {
// ...
}
</script>
However if I do escape it as shown below, the string variable now contains the literal It's </script>
, not It's </script>
:
<script>
var myquestion = "What is the tag used to mark the end of a Javascript section?";
var myanswer = "It's </script>";
alert(myanswer.length);
function someMoreCode() {
// ...
}
</script>
The popup box will show 17 instead of the expected 14 which is the length of the string It's </script>
.
How can I define a string to have the contents It's </script>
?
I would like a generic method that can be applied to any string as the actual string contents will be coming from user provided data stored in a database, so doing something like "<"+"/script"
wouldn't be suitable.