John Harris
6/12/2014 10:49:00 AM
On Thu, 12 Jun 2014 09:05:12 +0200, Hans-Georg Michna
<hans-georgNoEmailPlease@michna.com> wrote:
>On Wed, 11 Jun 2014 12:41:45 -0700, Roedy Green wrote:
>
>>Vendors give me snippets of JavaScript to insert in my webpages.
>>
>>Sometimes I see code like this:
>>
>> document.write("<sc"+"ript type='text/javascript'...
>>
>>Why don't they write that as:
>>
>> document.write("<script type='text/javascript'...
>
>That is because under some circumstances the <script ... tag may
>be processed before the document.write(... is executed. The
>split prevents the recognition of the <script ... tag.
What the current draft of the HTML 5 standard says is :
"The easiest and safest way to avoid the rather strange restrictions
described in this section is to always escape "<!--" as "<\!--",
"<script" as "<\script", and "</script" as "<\/script" when these
sequences appear in literals in scripts (e.g. in strings, regular
expressions, or comments)"
John