Javascript code in <![CDATA[ ]]> won't run




14 years ago
13 years ago


(Reporter: Berkana, Unassigned)



Firefox Tracking Flags

(Not tracked)



(2 attachments)



14 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

I tried to validate a page I coded using the W3C's validator, and it flagged as
an error the appearance of "<" in the inline script. (I normally avoid inline
scripts, but this one was necessary; writing e-mail addresses chunk by chunk on
the client side protects the e-mail address from e-mail harvesters used by
spammers.) I then found out that code with such characters needs to be marked
off as CDATA, so I put <![CDATA[ before the code, and ]]> after the code, and it
validated, but now the script won't run in Firefox, and the Javascript console
says it has a syntax error which I can't find.

The script in question is the following:

<!-- The following script is a defense against web-crawling e-mail harvesters
--><script type="text/javascript"> <![CDATA[ document.write('<a class="contact"
]]> </script>

(the variables nam and dom are defined in the script area in the head element)

Reproducible: Always

Steps to Reproduce:
1.Write an inline script that uses document.write to insert a mailto:
2.surround the contents of the script with CDATA identifiers: <![CDATA[ and ]]> the page: notice that the specified element doesn't show up.

Actual Results:  
The place where the element was supposed to be inserted by the inline script
shows up blank.

Expected Results:  
the inline script should have executed as it did when there were no CDATA
identifiers wrapping the script; in my case, a mailto: should have been
inserted. The CDATA identifiers were necessary because the script contained <
and other forbidden characters that prevented it from validating as xhtml 1.0.

the javascript console identifies the code as having a syntax error when I
reloaded the page after I wrapped the script with the CDATA tag.

Comment 1

14 years ago
The inline script I posted in the prior report was mistaken: refer to the
following script.

The variables nam and dom are defined in the header:

<script type="text/javascript" language="JavaScript">
<!-- Spam defense script- variable  declarations
var dom="";
var nam="info"; 
// --></script>

The following is the inline script:

<!-- The following script is a defense against web-crawling e-mail harvesters
--><script type="text/javascript"> document.write('<a class="contact"

Comment 2

14 years ago
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b2) Gecko/20050511

Your info is fairly hard to read, and may be incomplete. Do you have a URL
or a test case to attach? You may want to be precise about the DOCTYPE and
the mime type.

Comment 3

14 years ago
Try using /*<![CDATA[*/ and /*]]>*/ instead of <![CDATA[ and ]]>.

This tells the JavaScript interpreter that the CDATA tags are comments and
should be ignored, and should still let your code validate through an XHTML parser.

Comment 4

14 years ago
FWIW, this isn't a Mozilla bug; at least in my quick tests, IE acted the same
way and errored out on the JavaScript when the <![CDATA[ ]]> tags were not
commented out (but worked properly when the tags were commented out as in my
previous reply).

Comment 5

14 years ago
Created attachment 183398 [details]
Testcase (w/ uncommented CDATA tags)

Comment 6

14 years ago
Created attachment 183399 [details]
Testcase (w/ commented CDATA tags)


14 years ago
Keywords: testcase

Comment 7

14 years ago
Your attached cases may have been intended as xml, but were sent with a mime
type of text/html. I have done the same in Bug 285024 "A CDATA section 
that appears inside a STYLE tag will cause the contents of the STYLE tag to be 

If I save either of your cases as a .xml file, then I get this Javascript error:
Error: document.write is not a function
Source File: file:///Users/bfowler/Documents/eWitness/Bug-a.xml
Line: 23

This would appear to be end run around both the problem you are trying
to solve (creating a document in the browser to thwart robots at the server)
and the Reporter's stated query. (You may be able to solve the first using
DOM Core methods, but this may not have been what prompted this Report).

Kindly note that CDATA sections only work in real XML, for our present
purposes that means documents served as application/xhtml+xml . You might
be better off putting your Javascript in a separate file and sourcing it
with a script tag.

I have found that the most accessible guide to deploying Javascript is
Nigel Macfarlane's book .

This may not be as helpful to you as I intend, so if you would care to 
give more information as to why you want to use document.write( ) within
a CDATA section, I will try to make relevant comments

Comment 8

13 years ago
Invalid - see comment 7.
Last Resolved: 13 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.