Are CDATA tags ever necessary in script tags and if so when?
In other words, when and where is this:
A CDATA section is required if you need your document to parse as XML (e.g. when an XHTML page is interpreted as XML) and you want to be able to write literal i<10
and a && b
instead of i<10
and a && b
, as XHTML will parse the JavaScript code as parsed character data as opposed to character data by default. This is not an issue with scripts that are stored in external source files, but for any inline JavaScript in XHTML you will probably want to use a CDATA section.
Note that many XHTML pages were never intended to be parsed as XML in which case this will not be an issue.
For a good writeup on the subject, see https://web.archive.org/web/20140304083226/http://javascript.about.com/library/blxhtml.htm
When you want it to validate (in XML/XHTML - thanks, Loren Segal).
CDATA indicates that the contents within are not XML.
Here is an explanation on wikipedia
to avoid xml errors during xhtml validation.
An HTML parser will treat everything between <script>
and </script>
as part of the script. Some implementations don't even need a correct closing tag; they stop script interpretation at ". </
", which is correct according to the specs
Update In HTML5, and with current browsers, that is not the case anymore.
So, in HTML, this is not possible:
<script>
var x = '</script>';
alert(x)
</script>
A CDATA
section has no effect at all. That's why you need to write
var x = '<' + '/script>'; // or
var x = '<\/script>';
or similar.
This also applies to XHTML files served as text/html
. (Since IE does not support XML content types, this is mostly true.)
In XML, different rules apply. Note that (non IE) browsers only use an XML parser if the XHMTL document is served with an XML content type.
To the XML parser, a script
tag is no better than any other tag. Particularly, a script node may contain non-text child nodes, triggered by "<
"; and a "&
" sign denotes a character entity.
So, in XHTML, this is not possible:
<script>
if (a<b && c<d) {
alert('Hooray');
}
</script>
To work around this, you can wrap the whole script in a CDATA
section. This tells the parser: 'In this section, don't treat "<
" and "&
" as control characters.' To prevent the JavaScript engine from interpreting the "<![CDATA[
" and "]]>
" marks, you can wrap them in comments.
If your script does not contain any "<
" or "&
", you don't need a CDATA
section anyway.
When you are going for strict XHTML compliance, you need the CDATA so less than and ampersands are not flagged as invalid characters.