Closed
Bug 308004
Opened 20 years ago
Closed 20 years ago
Quoted string containing </script> ends script
Categories
(Core :: DOM: HTML Parser, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 301847
People
(Reporter: mozilla, Unassigned)
References
()
Details
Attachments
(1 file)
|
17.94 KB,
image/png
|
Details |
Screen capture for those unable to see it.
20050907 trunk
This has been happening for quite some time. Whenever I load Wired, there are
bits of JS strewn about the page. Investigation shows that Firefox is treating a
quoted string containing "</script>" as the real end of the script.
Anything inside of quoted strings should be ignored.
|
Reporter | |
Comment 1•20 years ago
|
||
|
||
Comment 2•20 years ago
|
||
I don't think so. The browser doesnt' know anything what's inside the <script>
block (it's just CDATA), so it's looking for the </script> tag directly.
Note that I don't see it at the moment, but that's probably because it's ad-related.
The author should do something like this :
document.write('<'); document.write('/script>');
because the spec requires that we stop processing when the first '</' is
encountered (see <http://www.w3.org/TR/html401/types.html#type-cdata>). But it
breaks so many pages, that we actually stop at '</script'. See bug 254606.
|
||
Updated•20 years ago
|
Assignee: nobody → parser
Component: Layout → HTML: Parser
QA Contact: layout → mrbkap
|
||
Comment 3•20 years ago
|
||
I agree that tags in quoted strings don't have to be ignored. However, i think
the following should work
<script type="text/javascript">
<![CDATA[
function test() { window.alert("</script>"); }
]]>
</script>
See also http://www.w3.org/TR/xhtml1/#h-4.8
Conclusion: content inside CDATA should not be parsed.
|
|
||
Comment 4•20 years ago
|
||
Of course, the point of my previous comment is, that the code example prints
"); } ]]> to the screen, which should not happen.
|
||
Comment 5•20 years ago
|
||
This is a duplicate of either bug 301847 or bug 302469.
The workaround in comment 3 will only work in XHTML (not regular HTML, which
Wired sends). The htmlparser doesn't parse the JavaScript inside the <script>
tags (and thus cannot detect whether the </script> is inside a quoted string or
not. The easiest way to get around this is: document.write("<\/script>").
|
|
||
Comment 6•20 years ago
|
||
*** This bug has been marked as a duplicate of 301847 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•