pe**********@gmail.com wrote:
<snip>
<script type="text/javascript">
var lang = "en";
document.write("<scr"+"ipt type='text/javascript'
src='lang/"+lang+"/messages.js'></scr"+"ipt>");
</script>
<snip>
I can't remember the trick about "script" in the document
write statement. i think you only have to break up the
second one so that the script element doesn't close.
Being in a - document.write - call is irrelevant. And HTML parser
reading a script element (as CDATA) has to decide where it is going to
stop passing text to the javascript engine and return to treating text
as mark-up. The HTML spec says that it should do this when it encounters
the first instance of the character sequence '</', which would be
regardless of whether it is in a javascript string (became an HTML
parser known nothing about javascript strings). The SGML spec says that
CDATA will be scanned for '</', but only terminated it when the '</'
turns out to be the start of closing tag for the element, and this is
what browsers do in practice.
However, both the HTML prose and the action of browsers can be satisfied
by avoiding the character sequence '</' inside script elements in an
HTML page. This can be most easily done by escaping the forward slash to
'<\/', which avoids the overheads of superfluous string concatenation
operations.
Opening HTML tags in javascript strings are not an issue at all, and the
HTML spec suggests that the '</' in all closing tags would need to
handled in some way (which the W3C HTML validator used to enforce).
Javascript in external JS files has no issues as no HTML parser ever
examines their text.
Richard.