Scripsit Andy Fish:
using HTML 4.01 (not xhtml), I have recently discovered that this:
<script>var x='</script>';</script>
is not valid HTML - the fact that there is an end script tag in quotes
causes the parser to stop recognising the script.
The fact that there is an end tag causes that. Quotes do not matter.
They are just data characters in this context.
<script>var x='</script>';</script>
however this it DOES NOT WORK - the variable ends up containing the
text "</script>"
By HTML 4.01 rules, yes. There the content model is CDATA, which means
that entity references are not recognized, and "&" is just a data
character.
can someone point me at part of the w3c specification that states how
script tags are parsed differently to other tags in HTML.
They aren't. The _content_ of the <script_element_ is special. This
can be found in the HTML 4.01 specs simply by looking at the description
of that element; it points to
http://www.w3.org/TR/html401/types.html#type-script
which refers to an appendix that explains ways to overcome the "</"
problem, such as prefixing "/" with "\" in JavaScript. In JavaScript,
you could also write
var x='<'+'/script>';
but that looks a bit more hackish.
interestingly i have also discovered that this:
<script>if (3<5);</script>
IS valid html
No it isn't, but that's due to the lack of the type="..." attribute. If
you fix that, then it is valid. That's because the digit "5" isn't a
name start character.
(and seems even to be valid XHTML)
It isn't valid in XHTML, since by XHTML rules, "<" must not appear in
any context as such except as the starting character of a tag.
In XHTML, the content model of <scriptis #PCDATA, so _there_ you could
use < to stand for "<". But it's not wise to use XHTML as the
delivery format of a web page, because IE does not support XHTML.
even though it is not valid XML
It would be impossible for a document to be non-valid XML if it is valid
XHTML. This immediately follows from the _definition_ of validity.
There is a simple way to get rid of such complexities: write your script
into an external file and refer to it via <script type="text/javascript"
src="foo.js"></script>.
--
Jukka K. Korpela ("Yucca")
http://www.cs.tut.fi/~jkorpela/