ansaurus

Question

Fix a warning thrown by HTML Validator

Answer 1

+4 A:

Put the javascript in an external file.

Galen 2009-11-18 20:03:13

+1 always best for any significant amount of code

bobince 2009-11-18 20:45:35

Answer 2

A:

Put  around your code.

powtac 2009-11-18 20:30:13

That is a hack for Netscape 2.0 era browsers … that won't solve this problem.

David Dorward 2009-11-18 20:43:43

Has no effect against HTML4 (or HTML 3.2!). Breaks script in XML.

bobince 2009-11-18 20:47:00

But it works, the browsers ignore it.

powtac 2009-11-18 20:52:45

It doesn't work (for the given problem) and browsers ignore the whole script if it is XHTML (unless it is served up at text/html). Argh. I hate XHTML as text/html.

David Dorward 2009-11-18 21:11:53

`` is an XML comment literal in JavaScript 1.6+

Eli Grey 2009-11-18 23:24:39

Answer 3

+1 A:

If you are writing javascript in the html/xhtml page, you can enclose the javascript in CDATA

<script type="text/javascript">
/* <![CDATA[ */
console.log("..js code here..");
/* ]]> */
</script>

vsr 2009-11-18 20:32:55

A `</` sequence inside an XML CDATA section is still invalid when served as HTML, which XHTML almost always is. A `</script` sequence inside the CDATA section will still break HTML browsers.

bobince 2009-11-18 20:44:56

Answer 4

+1 A:

To include code which isn't encoded as XML in an XHTML document (and I'm guessing that's what you're trying to do) you need to do something like the following:

<script type="text/javascript">
//<![CDATA[

alert("<This is now valid XHTML>");

//]]>
</script>

FinnNk 2009-11-18 20:36:30

This is a tolerable solution for dealing with inline script in XHTML — but the validator would complain about the `<option` instead of the `</`, so the question is about HTML.

David Dorward 2009-11-18 20:47:24

Answer 5

+5 A:

The issue is that any </ sequence — known as ETAGO — ends a CDATA element such as a <script>. You can get away with </ in browsers but not </script.

The simplest workaround is to break up the </ sequence with a backslash-escape:

sel.append('<option value="' + data[i].id + '">' + data[i].nombre + '<\/option>');

However this line still has problems, because you aren't HTML-escaping your id and nombre values. If they may contain <, & or ", you've just built yourself a client-side XSS vulnerability!

So either HTML-escape your text values before putting them into strings, or, perhaps simpler, just use the standard DOM:

sel.append(new Option(data[i].nombre, data[i].id));

bobince 2009-11-18 20:41:24

(Using standard DOM)++. innerHTML is quick and dirty, but mostly dirty.

David Dorward 2009-11-18 20:46:00

Hi bobince, I think your answer is the best choice. I tried the sel.append (new Option...) and worked.Now my "sub-question" would be, how do you add an option with some attributes? like class="firstoption", an id, etc.?Hope you've understood me

Enrique 2009-11-19 21:35:49

You can say `var option= new Option(...)` then treat it as any other DOM element, for example `option.className= 'firstoption';` or jQuery `$(option).addClass('firstoption');`.

bobince 2009-11-19 22:53:11

That's it !! thanks bobince

Enrique 2009-11-20 15:13:35

ansaurus

tags:

views:

answers:

Fix a warning thrown by HTML Validator

related questions