发表新帖
发表新帖

What does this mean: “[removed]('<scr'+'ipt… ”?

前端 未结
关注
6 1598
一向
一向 2020-12-03 07:25

I\'ve seen this on every Yahoo! news page, at the bottom of the source code,
and failed to understand why they break the script word like that.
<

相关标签:
6条回答
  • 野性不改
    2020-12-03 07:53

    so that it doesn't get evaluated but gets inserted as a string.

    0 讨论(0)
  • 忘掉有多难
    2020-12-03 07:53

    Some browsers tend to "act" to fast when parsing a document and immediately try to execute the javascript when they find a script tag (even though it is itself in a piece of js). To avoid this they break the decalration of the tag.

    0 讨论(0)
  • 忘掉有多难
    2020-12-03 07:58

    For a full discussion of this, see:
       http://www.wwco.com/~wls/blog/2007/04/25/using-script-in-a-javascript-literal/

    The short answer is that your code is parsed in two discrete steps.

    The first one is XML. And that means that the element <SCRIPT> is looking for a </SCRIPT>. It's important to remember that XML elements are content agnostic. That means that the parser doesn't know yet that there's JavaScript in there.

    Once it has the contents of the <SCRIPT> element, then it processes that chunk of text, which presumably is JavaScript.

    By splitting up the tag with a string concatenate operator you prevent a constant from tripping up the XML phase.

    One simple solution is to put &lt; and &gt; in the Javascript text.

    0 讨论(0)
  • 野的像风
    2020-12-03 08:00

    It's a bad way to prevent XML/XHTML and HTML validators from yelling at the source code.

    0 讨论(0)
  • 醉话见心
    2020-12-03 08:05

    Suppose you are writing a tool that detects the beginning and end of script blocks in a chunk of text. Suppose you see

    <blah><blahdeblah><script>

blah blah blah

blah

print("</script>")

print("<script>")

blah

</script>

</blahdeblah></blah>

    Without knowing the syntax of the script language, how does your tool know that this is ONE script block and not TWO script blocks with ")blah between them?

    A web browser is such a tool. It's a reasonable practice to make sure you never confuse the web browser by never having <script> or </script> in your file unless it actually is a script tag.

    0 讨论(0)
  • -上瘾入骨i
    2020-12-03 08:10

    Consider this simplified example:

    <script>
document.write("something </script> something");
</script>

    The browser's HTML parser would see the </script> within the JavaScript string and interpret that as the end of the script element.

    The HTML parser doesn't know about JavaScript syntax - all it knows is that the <script> element ends at the next </script>.

    (It also knows that you can't have nested <script> elements, hence the breaking of the opening <script> as well as the closing </script> in your example.)

    0 讨论(0)
 看不清?
提交回复
热议问题