views:

1103

answers:

4

Hey

Is there any way to fix the error that a JavaScript & causes in w3 validation? The problem is that i have to use && in a if statement and these two &&'s causes errors in w3 validation.

EDIT: Same problem with "<" and ">".

+6  A: 

There are a few things you can do.

You can enclose it within HTML comments:

<script type="text/javascript">
<!--

if (foo && bar) ...

//-->
</script>

You can enclose it in a CDATA section:

<script type="text/javascript">
// <![CDATA[

if (foo && bar) ...

// ]]>
</script>

You can include in in a file instead:

<script src="foobar.js" type="text/javascript"></script>
Greg
+1 to using a JavaScript file. The other two options are a bit dated, use a modern DOCTYPE instead.
T.J. Crowder
Make sure to comment out the HTML comment start. If E4X is enabled (`type` contains `;e4x=1`), the code inside would be a comment literal.
Eli Grey
@TJ I've found some .js will crash if its not inline.. (i.e. googlemap v3)
Talvi Watia
+2  A: 

The primary answer is: Use JavaScript files for JavaScript, not HTML files, and use the src attribute of script tags. (Combine all your JS into one file, minimize, gzip, etc. for performance.)

But, you can embed JavaScript in HTML if absolutely necessary. Use a valid, modern DOCTYPE and you don't have to resort to comment tags and CDATA sections.

Valid HTML5 example:

<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
<title>Example</title>
<script type='text/javascript'>
function foo() {
   var a = 1, b = 2;

   if (a && b) {
      alert("Both");
   }
   if (a < b) {
      alert("a < b");
   }
   if (a > b) {
      alert("a > b");
   }
}
</script>
</head>
<body>
<p>Hi there</p>
</body>
</html>

That will also validate as HTML4 strict if you change the doctype to

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"&gt;

Note that in both cases, you need to be careful about end tags in your script --

This causes the problem:

<script type='text/javascript'>
alert("</td>");
</script>

This solves the problem by prefacing the slash with a backslash (or you can break the end tag up into separate string literals):

<script type='text/javascript'>
alert("<\/td>");
// -or-
alert("<" + "/td>");
</script>

But again, the basic answer is: Don't embed JavaScript within HTML files when you can avoid it, use JavaScript files for that.

T.J. Crowder
-1 without explanation or comment? Nice.
T.J. Crowder
That is the correct answer. +1
A: 

Escape & with &amp;, < with &lt;, and > with &gt;.

Eli Grey
This works great in XHTML … but not HTML-compatible XHTML where it will just break.
David Dorward
David, did you even test it in HTML? It works fine in HTML.
Eli Grey
I don't need to test this trivial thing. It's a very basic part of the differences between HTML and XHTML. That said, here is a test case: http://dorward.me.uk/tmp/no-it-doesnt-work.html (it errors, as expected, in Firefox. I can't be bothered to test in other browsers).
David Dorward
Your test case is inside the script tags where it does not need to be HTML encoded. However, inside the HTML (on a tag property), it most definitely does need to be encoded as with the example I gave above.
John Cavan
If you mean "attribute value", then that is different. The question didn't specify if it was about attribute values or script elements. Script elements are more likely, as intrinsic event attributes tend to have simple function calls in them, so assuming they were what was being discussed was a reasonable assumption.
David Dorward
Based on the original posting, I actually assumed it was on an attribute and not inside a script block. I'm not sure if Elijah made the same assumption, though he didn't say as much.
John Cavan
A: 

Based on your description, I suspect that you're talking about script that's inside an event property in an HTML tag (such as onclick). In that event, the script code needs to be HTML encoded. Elijah hit the nail on the head there.

For example:

<input type="submit" onclick="if(somevar &amp;&amp; othervar) callFunc(&quot;clicked&quot;);">

You do not need to do that inside a <script></script> block.

John Cavan
hmm... Pushed down, not sure why. Whomever did that may want to read the standard, it most definitely applies to both HTML and XHTML. The same applies for URLs in anchor tags, etc. as well.
John Cavan