Login or Sign up Help | Site Map
Connecting Tech Pros Worldwide
Bytes > Archives > HTML

encoding of scripts

Question posted by: Andy Fish (Guest) on June 27th, 2008 07:16 PM
Hi,

using HTML 4.01 (not xhtml), I have recently discovered that this:

<script>var x='</script>';</script>

is not valid HTML - the fact that there is an end script tag in quotes
causes the parser to stop recognising the script. initially my reaction was
that this is not a surprise because I had failed to HTML encode the script
contents, so my second attempt was this:

<script>var x='&lt;/script&gt;';</script>

however this it DOES NOT WORK - the variable ends up containing the text
"&lt;/script&gt;"

can someone point me at part of the w3c specification that states how script
tags are parsed differently to other tags in HTML.

interestingly i have also discovered that this:

<script>if (3<5);</script>

IS valid html (and seems even to be valid XHTML) even though it is not valid
XML

Andy


Would you like to answer this question?
Sign up for a free account, or Login (if you're already a member).
Erwin Moller's Avatar
Erwin Moller
Guest
n/a Posts
June 27th, 2008
07:16 PM
#2

Re: encoding of scripts
Andy Fish schreef:
Quote:
Originally Posted by
Hi,
>
using HTML 4.01 (not xhtml), I have recently discovered that this:
>
<script>var x='</script>';</script>
>
is not valid HTML - the fact that there is an end script tag in quotes
causes the parser to stop recognising the script. initially my reaction was
that this is not a surprise because I had failed to HTML encode the script
contents, so my second attempt was this:
>
<script>var x='&lt;/script&gt;';</script>
>
however this it DOES NOT WORK - the variable ends up containing the text
"&lt;/script&gt;"
>
can someone point me at part of the w3c specification that states how script
tags are parsed differently to other tags in HTML.
>
interestingly i have also discovered that this:
>
<script>if (3<5);</script>
>
IS valid html (and seems even to be valid XHTML) even though it is not valid
XML
>
Andy
>
>


What about:

<script>var x='<\/script>';</script>
?
Mind the added \

Regards,
Erwin Moller
viza's Avatar
viza
Guest
n/a Posts
June 27th, 2008
07:16 PM
#3

Re: encoding of scripts
On Jun 2, 12:41 pm, "Andy Fish" <ajf...@blueyonder.co.ukwrote:
Quote:
Originally Posted by
can someone point me at part of the w3c specification that states how script
tags are parsed differently to other tags in HTML.


http://www.w3.org/TR/html4/sgml/dtd.html#Script :

<!ENTITY % Script "CDATA" -- script expression -->

http://www.w3.org/TR/html4/sgml/dtd.html#head.content

<!ELEMENT SCRIPT - - %Script; -- script statements -->
Quote:
Originally Posted by
interestingly i have also discovered that this:
>
<script>if (3<5);</script>
>
IS valid html


Apart from the missing required "type" attribute, yes. The content
type of the script element in HTML4 is CDATA, which means everything
up to the first occurrence of </ is read as-is.
Quote:
Originally Posted by
(and seems even to be valid XHTML) even though it is not valid XML


This is not possible since XHTML is XML.

The content type of the script element in XHTML1 is PCDATA, which that
your original idea of using
var= '&lt;foo&gt;'

means the same as
var='<foo>'

in a raw javascript file. Note that this doesn't actually work "in
the wild", because most users have broken browsers (eg: IE).

The best thing to do is to never ever have anything in your script
elements and only include scripts in separate files.

HTH
viza
Andreas Prilop's Avatar
Andreas Prilop
Guest
n/a Posts
June 27th, 2008
07:16 PM
#4

Re: encoding of scripts
On Mon, 2 Jun 2008, Andy Fish wrote:
Quote:
Originally Posted by
Newsgroups: comp.infosystems.www.authoring.html


In how many newsgroups did you multipost?
Jukka K. Korpela's Avatar
Jukka K. Korpela
Guest
n/a Posts
June 27th, 2008
07:16 PM
#5

Re: encoding of scripts
Scripsit Andy Fish:
Quote:
Originally Posted by
using HTML 4.01 (not xhtml), I have recently discovered that this:
>
<script>var x='</script>';</script>
>
is not valid HTML - the fact that there is an end script tag in quotes
causes the parser to stop recognising the script.


The fact that there is an end tag causes that. Quotes do not matter.
They are just data characters in this context.
Quote:
Originally Posted by
<script>var x='&lt;/script&gt;';</script>
>
however this it DOES NOT WORK - the variable ends up containing the
text "&lt;/script&gt;"


By HTML 4.01 rules, yes. There the content model is CDATA, which means
that entity references are not recognized, and "&" is just a data
character.
Quote:
Originally Posted by
can someone point me at part of the w3c specification that states how
script tags are parsed differently to other tags in HTML.


They aren't. The _content_ of the <script_element_ is special. This
can be found in the HTML 4.01 specs simply by looking at the description
of that element; it points to
http://www.w3.org/TR/html401/types.html#type-script
which refers to an appendix that explains ways to overcome the "</"
problem, such as prefixing "/" with "\" in JavaScript. In JavaScript,
you could also write
var x='<'+'/script>';
but that looks a bit more hackish.
Quote:
Originally Posted by
interestingly i have also discovered that this:
>
<script>if (3<5);</script>
>
IS valid html


No it isn't, but that's due to the lack of the type="..." attribute. If
you fix that, then it is valid. That's because the digit "5" isn't a
name start character.
Quote:
Originally Posted by
(and seems even to be valid XHTML)


It isn't valid in XHTML, since by XHTML rules, "<" must not appear in
any context as such except as the starting character of a tag.

In XHTML, the content model of <scriptis #PCDATA, so _there_ you could
use &lt; to stand for "<". But it's not wise to use XHTML as the
delivery format of a web page, because IE does not support XHTML.
Quote:
Originally Posted by
even though it is not valid XML


It would be impossible for a document to be non-valid XML if it is valid
XHTML. This immediately follows from the _definition_ of validity.

There is a simple way to get rid of such complexities: write your script
into an external file and refer to it via <script type="text/javascript"
src="foo.js"></script>.

--
Jukka K. Korpela ("Yucca")
http://www.cs.tut.fi/~jkorpela/

Andy Fish's Avatar
Andy Fish
Guest
n/a Posts
June 27th, 2008
07:16 PM
#6

Re: encoding of scripts
thanks for all the replies - i understand it all now

unfortunately i can't write all my scripts in separate js files because this
is all javascript that i'm generating on the fly on the server, but i have
amended my quoting/encoding functions to detect '</' and split it into 2
concatenated strings

:-)


"Jukka K. Korpela" <jkorpela@cs.tut.fiwrote in message
news:JHT0k.10966$_03.6624@reader1.news.saunalahti. fi...
Quote:
Originally Posted by
Scripsit Andy Fish:
>
Quote:
Originally Posted by
>using HTML 4.01 (not xhtml), I have recently discovered that this:
>>
><script>var x='</script>';</script>
>>
>is not valid HTML - the fact that there is an end script tag in quotes
>causes the parser to stop recognising the script.

>
The fact that there is an end tag causes that. Quotes do not matter. They
are just data characters in this context.
>
Quote:
Originally Posted by
><script>var x='&lt;/script&gt;';</script>
>>
>however this it DOES NOT WORK - the variable ends up containing the
>text "&lt;/script&gt;"

>
By HTML 4.01 rules, yes. There the content model is CDATA, which means
that entity references are not recognized, and "&" is just a data
character.
>
Quote:
Originally Posted by
>can someone point me at part of the w3c specification that states how
>script tags are parsed differently to other tags in HTML.

>
They aren't. The _content_ of the <script_element_ is special. This can
be found in the HTML 4.01 specs simply by looking at the description of
that element; it points to
http://www.w3.org/TR/html401/types.html#type-script
which refers to an appendix that explains ways to overcome the "</"
problem, such as prefixing "/" with "\" in JavaScript. In JavaScript, you
could also write
var x='<'+'/script>';
but that looks a bit more hackish.
>
Quote:
Originally Posted by
>interestingly i have also discovered that this:
>>
><script>if (3<5);</script>
>>
>IS valid html

>
No it isn't, but that's due to the lack of the type="..." attribute. If
you fix that, then it is valid. That's because the digit "5" isn't a name
start character.
>
Quote:
Originally Posted by
>(and seems even to be valid XHTML)

>
It isn't valid in XHTML, since by XHTML rules, "<" must not appear in any
context as such except as the starting character of a tag.
>
In XHTML, the content model of <scriptis #PCDATA, so _there_ you could
use &lt; to stand for "<". But it's not wise to use XHTML as the delivery
format of a web page, because IE does not support XHTML.
>
Quote:
Originally Posted by
>even though it is not valid XML

>
It would be impossible for a document to be non-valid XML if it is valid
XHTML. This immediately follows from the _definition_ of validity.
>
There is a simple way to get rid of such complexities: write your script
into an external file and refer to it via <script type="text/javascript"
src="foo.js"></script>.
>
--
Jukka K. Korpela ("Yucca")
http://www.cs.tut.fi/~jkorpela/



 
Not the answer you were looking for? Post your question . . .
182,371 Experts ready to help you find a solution.
Sign up for a free account, or Login (if you're already a member).

  • Didn't find the answer you were looking for?
    Post Your Question
    • Top Community Contributors
    Quick Browse:
    Communities / Archives
    XML / CSS | HTML | Javascript | PHP | Perl | Visual Basic | Python | C++ / C | Java | .NET / C# / VB / XML / ASP.net | ASP
    PostgreSQL | MS SQL | Oracle | IBM DB2 | MS Access | MySQL

    About Bytes | Sitemap | Privacy Policy | Terms of Use
    Copyright 1995-2008 Bytes.com. All rights Reserved