[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.javascript

strange splits

Roedy Green

6/11/2014 7:42:00 PM

Vendors give me snippets of JavaScript to insert in my webpages.

Sometimes I see code like this:

document.write("<sc"+"ript type='text/javascript'...

Why don't they write that as:

document.write("<script type='text/javascript'...
--
Roedy Green Canadian Mind Products http://mi...
In former times, people who craved absolute power became gangsters.
Today, they become computer programmers.
7 Answers

scattered

6/11/2014 8:07:00 PM

0

On Wednesday, June 11, 2014 3:41:45 PM UTC-4, Roedy Green wrote:
> Vendors give me snippets of JavaScript to insert in my webpages.
>
>
>
> Sometimes I see code like this:
>
>
>
> document.write("<sc"+"ript type='text/javascript'...
>
>
>
> Why don't they write that as:
>
>
>
> document.write("<script type='text/javascript'...
>
> --
>
> Roedy Green Canadian Mind Products http://mi...
>
> In former times, people who craved absolute power became gangsters.
>
> Today, they become computer programmers.

Just guessing, but it seems like an attempt to bypass some security software that doesn't like scripts which generate scripts.

Hans-Georg Michna

6/12/2014 7:05:00 AM

0

On Wed, 11 Jun 2014 12:41:45 -0700, Roedy Green wrote:

>Vendors give me snippets of JavaScript to insert in my webpages.
>
>Sometimes I see code like this:
>
> document.write("<sc"+"ript type='text/javascript'...
>
>Why don't they write that as:
>
> document.write("<script type='text/javascript'...

That is because under some circumstances the <script ... tag may
be processed before the document.write(... is executed. The
split prevents the recognition of the <script ... tag.

Hans-Georg

Evertjan.

6/12/2014 8:18:00 AM

0

Hans-Georg Michna <hans-georgNoEmailPlease@michna.com> wrote on 12 jun 2014
in comp.lang.javascript:

> On Wed, 11 Jun 2014 12:41:45 -0700, Roedy Green wrote:
>
>>Vendors give me snippets of JavaScript to insert in my webpages.
>>
>>Sometimes I see code like this:
>>
>> document.write("<sc"+"ript type='text/javascript'...
>>
>>Why don't they write that as:
>>
>> document.write("<script type='text/javascript'...
>
> That is because under some circumstances the <script ... tag may
> be processed before the document.write(... is executed. The
> split prevents the recognition of the <script ... tag.

Indeed, that is what I read over and over again.
Is it [still] true in modern browsers?

Questions:
When will this script execute?
Immediately?

Meseems the whole approach only makes sense for
adding an external script by a script.

=========================

Now when the page has finished loading,
using the DOM to add such script node,
by onload = .. or interactive like onclick = ...,
seems the way to go:

var s = document.createElement('script');
s.type = 'text/javascript';
s.src = 'http://????/???.js';
document.body.appendChild(s);

Questions:
When will this execute?
Immediately?
Only after the appendChild()?
Is the appendChild() even necessary for execution?

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

John Harris

6/12/2014 10:49:00 AM

0

On Thu, 12 Jun 2014 09:05:12 +0200, Hans-Georg Michna
<hans-georgNoEmailPlease@michna.com> wrote:

>On Wed, 11 Jun 2014 12:41:45 -0700, Roedy Green wrote:
>
>>Vendors give me snippets of JavaScript to insert in my webpages.
>>
>>Sometimes I see code like this:
>>
>> document.write("<sc"+"ript type='text/javascript'...
>>
>>Why don't they write that as:
>>
>> document.write("<script type='text/javascript'...
>
>That is because under some circumstances the <script ... tag may
>be processed before the document.write(... is executed. The
>split prevents the recognition of the <script ... tag.

What the current draft of the HTML 5 standard says is :

"The easiest and safest way to avoid the rather strange restrictions
described in this section is to always escape "<!--" as "<\!--",
"<script" as "<\script", and "</script" as "<\/script" when these
sequences appear in literals in scripts (e.g. in strings, regular
expressions, or comments)"

John

Christoph M. Becker

6/14/2014 3:56:00 PM

0

Evertjan. wrote:

> var s = document.createElement('script');
> s.type = 'text/javascript';
> s.src = 'http://????/???.js';
> document.body.appendChild(s);
>
> Questions:
> When will this execute?
> Immediately?
> Only after the appendChild()?
> Is the appendChild() even necessary for execution?

I don't know if there is any standard specification of the behavior, but
a quick test on current stable Chrome required to insert the script
element into the DOM before the script was loaded.

--
Christoph M. Becker

Thomas 'PointedEars' Lahn

6/14/2014 7:43:00 PM

0

Christoph Michael Becker wrote:

> I don't know if there is any standard specification of the behavior, but
> a quick test on current stable Chrome required to insert the script
> element into the DOM before the script was loaded.

There is something close that specifies exactly this behavior:

<http://www.w3.org/TR/2014/CR-html5-20140204/scripting-1.html#the-script-e...

I think it is only logical that the script element resource would not be
parsed before it is inserted because a client-side script may depend on
symbols defined in other scripts that may need to be included dynamically as
well.

However, it should be noted that loading script elements this way is
asynchronous: you cannot assume that the symbols in the loaded script are
immediately available afterwards. It is therefore good that HTML5 CR also
specifies events like â??beforescriptexecuteâ?, â??afterscriptexecuteâ? and, most
notably, â??loadâ?, for the â??scriptâ? element. It would appear that, finally,
there is going to be a standards-compliant way to load script resources
dynamically without resorting to hacks and XHR.

--
PointedEars
FAQ: <http://PointedEars.... | SVN: <http://PointedEars.de...
Twitter: @PointedEars2 | ES Matrix: <http://PointedEars.de/es-...
Please do not Cc: me. / Bitte keine Kopien per E-Mail.

Christoph M. Becker

6/16/2014 5:36:00 PM

0

Thomas 'PointedEars' Lahn wrote:

> Christoph Michael Becker wrote:
>
>> I don't know if there is any standard specification of the behavior, but
>> a quick test on current stable Chrome required to insert the script
>> element into the DOM before the script was loaded.
>
> There is something close that specifies exactly this behavior:
>
> <http://www.w3.org/TR/2014/CR-html5-20140204/scripting-1.html#the-script-e...

Indeed. Thanks.

> I think it is only logical that the script element resource would not be
> parsed before it is inserted because a client-side script may depend on
> symbols defined in other scripts that may need to be included dynamically as
> well.

ACK

> However, it should be noted that loading script elements this way is
> asynchronous: you cannot assume that the symbols in the loaded script are
> immediately available afterwards. It is therefore good that HTML5 CR also
> specifies events like â??beforescriptexecuteâ?, â??afterscriptexecuteâ? and, most
> notably, â??loadâ?, for the â??scriptâ? element.

Thanks. I was not aware of these events.

> It would appear that, finally,
> there is going to be a standards-compliant way to load script resources
> dynamically without resorting to hacks and XHR.

ACK

--
Christoph M. Becker