ansaurus

Question

Extremely strange glitch in Chrome - parses contents of string!

Answer 1

+4 A:

Within X(HT)ML (when actually treated as such), scripts are required to be escaped as CDATA for precisely this reason. http://www.w3.org/TR/xhtml1/diffs.html#h-4.8

In XHTML, the script and style elements are declared as having #PCDATA content. As a result, < and & will be treated as the start of markup, and entities such as < and & will be recognized as entity references by the XML processor to < and & respectively. Wrapping the content of the script or style element within a CDATA marked section avoids the expansion of these entities.
<script type="text/javascript">
<![CDATA[
  ... unescaped script content ...
]]>
</script>

If your XHTML document is just served as text/html and treated as tag soup, that doesn't apply and you'll just have to "escape" the string like '</scr' + 'ipt>'.

deceze 2010-04-23 06:21:56

CDATA... oh yeah. I forgot about that. I always did it with ActionScript. Forgot that you can do it with JavaScript... :)

George Edison 2010-04-23 06:24:02

Doesn't work. Just tried it.

George Edison 2010-04-23 06:26:20

See here: http://files.quickmediasolutions.com/chrome_glitch.html

George Edison 2010-04-23 06:27:44

@George See update.

deceze 2010-04-23 06:36:07

Ah. I get it. Oh well. The other solution you proposed seems to work alright.

George Edison 2010-04-23 06:37:44

Answer 2

A:

Write it this way:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<script type='text/javascript'>
<!--
var data = "</script>";
-->
</script>
</head>
<body>
This should break!
</body>
</html>

The reason is simply that HTML is parsed before executing javascript and the  make the parser ignore all tags that appear in this section.

dbemerlin 2010-04-23 06:22:47

What if your script contains `"-->"` in a string? ;-)

Andy E 2010-04-23 06:40:40

Answer 3

+3 A:

It's not a glitch - this is normal expected behaviour and quite rightly so if you think about it. HTML specs do not define scripting languages, so all the engine should see is plain text up until </script>, which closes the tag. There are a couple of options, other than the ones already outlined:

// escape the / character, changing the format of the "closing" tag
var data = "<\/script>"; 

// break up the string
var data = "</"+"script>";

The first method works because HTML doesn't use \ for escaping, it's treated as a literal character, and of course <\/script> isn't a valid closing tag. The second one works for more obvious reasons, but I've been told by someone else here that it shouldn't be used (and I never quite understood why).

Andy E 2010-04-23 06:27:02

The second one seems to work okay. I don't know why I wouldn't use it either.

George Edison 2010-04-23 06:32:23

@George: The first would be preferable to me anyway, it just doesn't feel right to break up two string literals ;-)

Andy E 2010-04-23 06:50:27

Answer 4

A:

I am calling a JS function that includes a "<" in it.

function ytplayer_render_playlist( ) { for ( var i = 0; i < ytplayer_playlist.length; i++ ) {

I tried surrounding the "<" with CDATA SOMETHING like this. Note: there should be syntax in front and after, but they won't show up here:

CDATA[<]

and it passed XHTML Strict validation, but it breaks the javascript. It is supposed to run a flash video and it breaks, saying it needs a newer version of flash.

How would the W3C want this to be coded?

Tim 2010-05-03 00:19:34

Please post this as a new question.

George Edison 2010-05-03 01:39:20

ansaurus

tags:

views:

answers:

Extremely strange glitch in Chrome - parses contents of string!

related questions