Escape </ in script tag contents

2018-06-27 02:37:34

In HTML, tags and entities aren't parsed within <script> tags, and </ immediately ends the tag. Thus,

<script><b>fun &amp; things</

will give you a script tag with the exact contents <b>fun & things <b>fun & things .

If you're including JSON and you want to include the characters </ in your script, then you can replace it with </ because the only place for those characters to appear is in a string, and / is an escape sequence that turns into a single forward slash.

However, if you're not using JavaScript, then this trick doesn't work. In my case specifically I'm trying to insert a <script type="math/tex"> into the source so that MathJax will process it. Is there a way to escape </ in the original HTML source? (I don't have a particular need for </ but I'm writing a generic tool and want to make it possible to use any text.)

(It's possible to create the script tag in JavaScript and populate its innerText , but I'm working with the raw HTML so I can't do that.)

In HTML, as opposite to XHTML, the content of a script element is processed as plain text except for the occurrence of an end tag, so that </ ends processing and must, in conforming documents, start the end tag </script> . There is no general mechanism to avoid this. Any methods that circumvent this feature are unavoidably dependent on the “language” used inside the element. The word “language” is in quotes here, because the content can be just about anything, as long as your code can parse and process it.

So: no general mechanism, but for content other than JavaScript or some of the few other client-side scripting languages recognized by some browsers, you can make your own rules.

I came here looking for a way to universally escape </script> inside the JavaScript code.

After bit of research I figured that if you are trying to escape </script> in JavaScript code so it can be safely embedded in html between <script> and </script> tags you should replace </script with </script or </script . It's safer to do because if you replace it with </script you might break JavaScript code like this: var q = -1</script/.test("script");

Be careful not to look for </script> but rather </script because </script asdasdas> will end your script just as well as </script> does.

Sorry, it doesn't help Ben Alpert in any way. Accepted answer is absolutely correct that you need to know what constructs are legal in language you have inside your <script></script> to know how to escape </script> occurrence without braking the code.

More HTML encoding might help? < for the < .

Difficult to know quite what you are doing with it. If you are not sure of what the content between the script tags might be (looks like you might be trying to use it as a template holder of some sort?) then you could/should use a CDATA section:

<script><![CDATA[<b>fun &amp; things</b>]]></script>

That should do it. More description could help give a better answer too :)

链接地址: http://www.djcxy.com/p/75792.html

上一篇: 将块元素放置在底部

下一篇: Escape </脚本标记内容