ansaurus

Question

What does this mean: "document.write('<scr'+'ipt... "?

Answer 1

+4 A:

so that it doesn't get evaluated but gets inserted as a string.

Steve B. 2009-09-24 21:14:58

Answer 2

+5 A:

It's a bad way to prevent XML/XHTML and HTML validators from yelling at the source code.

strager 2009-09-24 21:15:33

So why does Google Analytics uses this method if it's bad? "document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js"... why do they even do it with document.write I don't get it.

vsync 2010-03-24 08:25:29

Answer 3

+14 A:

Consider this simplified example:

<script>
document.write("something </script> something");
</script>

The browser's HTML parser would see the </script> within the JavaScript string and interpret that as the end of the script element.

The HTML parser doesn't know about JavaScript syntax - all it knows is that the <script> element ends at the next </script>.

(It also knows that you can't have nested <script> elements, hence the breaking of the opening <script> as well as the closing </script> in your example.)

RichieHindle 2009-09-24 21:16:34

Note: The same way behaves the colouring of the code in SO. Notice the "something" being treated as a text content outside of the script element.

Grzegorz Oledzki 2009-09-24 21:20:45

Actually, no, SCRIPT element ends at first occurrence of "</", not only "</script>". See: http://www.w3.org/TR/html4/types.html#type-cdata

kangax 2009-09-24 22:53:25

Is this a workaround for old browsers or does it apply even to modern browsers?

hasen j 2009-09-25 00:54:40

@hasen j: It applies to modern browsers - my example goes wrong in Firefox 3.5.

RichieHindle 2009-09-25 06:43:05

Answer 4

A:

Some browsers tend to "act" to fast when parsing a document and immediately try to execute the javascript when they find a script tag (even though it is itself in a piece of js). To avoid this they break the decalration of the tag.

Colin 2009-09-24 21:16:58

I didn't quite understood what you have just said, can you supply further reading on the subject please? it very very interesting.

vsync 2009-09-24 21:26:30

Say you open a page with IE, that has document.write('<script type..etc">'); on it somewhere on the page. IE might incorrectly parse that document.write('<script type..etc">'); and think, "hey, a script tag!" and then executes that code (because it thinks it's just an inline script block). But in reality that document.write('<script type..etc">'); is not supposed to be executed until say the entire page has loaded or until some other condition is met (which can be anything ranging from a user inputting some text etc. etc.) By breaking the <script tag the browser won;t ever misparse it.

Colin 2009-09-24 22:01:21

Answer 5

+3 A:

Suppose you are writing a tool that detects the beginning and end of script blocks in a chunk of text. Suppose you see

<blah><blahdeblah><script>

blah blah blah

blah

print("</script>")

print("<script>")

blah

</script>

</blahdeblah></blah>

Without knowing the syntax of the script language, how does your tool know that this is ONE script block and not TWO script blocks with ")blah between them?

A web browser is such a tool. It's a reasonable practice to make sure you never confuse the web browser by never having <script> or </script> in your file unless it actually is a script tag.

Eric Lippert 2009-09-24 21:19:14

Answer 6

A:

Walt Stoneburner 2009-09-24 22:22:38

Pavel Minaev 2009-09-24 22:49:17

ansaurus

tags:

views:

answers:

What does this mean: "document.write('<scr'+'ipt... "?

related questions