How can I include </script> in a string?

sa********@gmail.com wrote:

Hello!

I have a JavaScript code like the following.

<script>

var s = "</script>";

...

</script>

As the string contains </script>, the browser thinks JavaScript ends
there.
How can I avoid it?

TIA.

Sam

var s = "<\/script>";

> var s = "<\/script>";

Thanks.
I didn't know that "/" should be escaped.

Sam

sa********@gmail.com said the following on 1/4/2006 8:23 PM:

var s = "<\/script>";

Thanks.
I didn't know that "/" should be escaped.

It is not that the / should be escaped. It is the sequence of </ that
needs to be broken up. By escaping the / you break up the sequence that
should declare and end tag so that the UA doesn't see the complete
sequence. But it causes no changes in the text to JS.

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/

Lee said the following on 1/4/2006 9:05 PM:

sa********@gmail.com said:

var s = "<\/script>";

Thanks.
I didn't know that "/" should be escaped.

It's not that it *should* be escaped, simply that you *can*
escape it (as you can any character), and doing so means
that your code no longer contains "</script>".

var s = "</\script>";

should work just as well.

Normally it does. But it is not </script> that the UA is supposed to
look for. It is supposed to look for, and end the script block, at </
and escaping the / breaks up that sequence.

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/

Randy Webb wrote:

Lee said the following on 1/4/2006 9:05 PM:

sa********@gmail.com said:
It's not that it *should* be escaped, simply that you *can*
escape it (as you can any character), and doing so means
that your code no longer contains "</script>".

Normally it does. But it is not </script> that the UA is supposed to
look for. It is supposed to look for, and end the script block, at </
and escaping the / breaks up that sequence.

A related question. I know it's asking for trouble and kids, don't try
this at home, but browser shouldn't parse commented out HTML...
so the ancient deprecated:

<script>
<!--
var x="</script>";
// -->
</script>

should work just fine?
....and if it does, another reason post-decrement considered harmful...
'--' inside <!-- --> toggless commen on and off:

<script>
<!--
var y=2;
y--;
var x="</script>";
y--;
// -->
</script>

Just food for thought, fun for language lawyers.

On 2006-01-05, sa********@gmail.com <sa********@gmail.com> wrote:

var s = "<\/script>";

Thanks.
I didn't know that "/" should be escaped.

yeah, never put / immediately after < in javascript even in string
literals.

"<"+"/script>" would work but "<\/script>" is shorter/faster.

Bye.
Jasen

JRS: In article <11*********************@z14g2000cwz.googlegroups. com>,
dated Wed, 4 Jan 2006 13:38:47 local, seen in news:comp.lang.javascript,
sa********@gmail.com posted :

As the string contains </script>, the browser thinks JavaScript ends
there.
How can I avoid it?

To keep all testers happy, ISTM necessary NEVER to have < / letter
in a string literal. The best in javascript is to use < \ / letter
in all cases, not just for </script>. Or so ISTM.

Another approach is to break the string into two before/after the / and
to concatenate with +. That, using &, is the only way I've found for
VBscript.

--
© John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v4.00 IE 4 ©
<URL:http://www.jibbering.com/faq/> JL/RC: FAQ of news:comp.lang.javascript
<URL:http://www.merlyn.demon.co.uk/js-index.htm> jscr maths, dates, sources.
<URL:http://www.merlyn.demon.co.uk/> TP/BP/Delphi/jscr/&c, FAQ items, links.

"bw****@gmail.com" <bw****@gmail.com> writes:

A related question. I know it's asking for trouble and kids, don't try
this at home, but browser shouldn't parse commented out HTML...
so the ancient deprecated:

<script>
<!--
var x="</script>";
// -->
</script>

should work just fine?
Nope, not by any standard or practical reason.

The sequence "<!--" doesn't start an HTML comment inside a script
element, because the content of the script element is not HTML - and
therefore not parsed by the HTML parser, but by the appropriate script
language parser. Only if the browser doesn't understand the script tag
itself will it be considered an HTML comment, but no browser like that
have been build in almost ten years.

By the standards, the script element begun by <script type="...">
should end at the first occurence of "</". There is no room to wiggle
in the standard. However, any end tag other than </script> would
give an invalid HTML document anyway, so the browsers go into error
recovery mode and ignore the "</" when not followed by "script".
...and if it does, another reason post-decrement considered harmful...
'--' inside <!-- --> toggless commen on and off:

I wouldn't deprecate post/pre decrement for that reason (I actually
like them when used responsibly), but yes, it does make little sense
to use <!-- and //--> to comment out a script if the script includes
the "--" character sequence. But it made little sense to begin with :)
/L
--
Lasse Reichstein Nielsen - lr*@hotpop.com
DHTML Death Colors: <URL:http://www.infimum.dk/HTML/rasterTriangleDOM.html>
'Faith without judgement merely degrades the spirit divine.'

Lasse Reichstein Nielsen wrote:

I wouldn't deprecate post/pre decrement for that reason (I actually
like them when used responsibly), but yes, it does make little sense
to use <!-- and //--> to comment out a script if the script includes
the "--" character sequence. But it made little sense to begin with :)

Well, this issue was semi-cleared in the last year "quote-to-death"
discussion about <script> and comments :-)

The trick is that everyone in the scheme acts by <Give to Caesar what
is Caesar's, and to God what is God's> :-)

HTML parser locates <script> </script> fragment and forwards
*everything* what is between > and < right to the script engine. It
doesn't try to validate or anyhow check what a hell it's sending to the
engine.

The engine gets the chunk and before anything else, without trying to
understand what a hell it got, peel it like a banana from the starting
<!-- and the ending //-->
Only then it starts to read that kind of crap it got this time. So you
can put any decrements inside with no fear. Besides is it was shown
that "--" by itself doesn't *officially* end the comment. It just ends
a comment section within the same comment. But again it's irrelevant to
this situation because the interpreter doesn't give a damn what's
inside until the banana is peeled out.

As I've shown yesterday, Firefox (and some other browsers?) are trying
to be finicky about the skin: like Firefox peels <!-- //--> like no
problem but it pretends to be upset if it's <[CDATA[. That is nothing
but fallacy to please some sensitive hearts in W3C. With above
algorithm we could start each script with !@#$ and end up with %^&*
What would not have any practical sense - but no change in algorithm
would be needed.

One just has to stop to try to find a standard in this pre-historic
mechanics. It is because it is, and it's enough as an explanation.
Appendix in our stomach is not used anymore for Him knows how long, but
no one seems to be sleepless to find its "purpose in the modern world".
Neither someone is calling to immediately genetically change the
humanity to free it up from this rudiment. So let the <script><!-- will
not spoil your mood neither. ;-)