What is the real reason that we must escape a forward slash in a JavaScript string, and also why must we escape string/no string in XHTML. A lot of tutorials just brush ove
The slash is needed to prevent browsers, particularly older ones, to erroneously interpret the forward slash as a closing JavaScript marker.
You don't need to escape /
in a JavaScript string, just \
, because if you don't, then the string yes\no
will inadvertently be transformed into yes<newline>o
. Escaping the \
will prevent that.
Also, if you don't escape &
in a URL, then whatever comes after it will be considered a new parameter. For example, a=Q&A
will mean "the parameter a
has the value "Q
" and there's also a parameter A
" instead of "the parameter a
has the value "Q&A
"". The correct way of escaping that would be a=Q%26A
.
What is the real reason that we must escape a forward slash in a JavaScript string
In an HTML 4 document, the sequence </
inside an element defined as containing CDATA (such as script) is an end tag and will end the element (with an error if it is not </script>
.
As far as JS is concerned /
and \/
are identical inside a string. As far as HTML is concerned </
starts an end tag but <\/
does not.
, and also why must we escape string/no string in XHTML.
XHTML doesn't provide a method of specifying that an element intrinsically contains CDATA, so you need to explicitly handle characters which would otherwise have special meaning (<
, &
, etc). Wrapping the contents of the element with CDATA markers is the easiest way to achieve this.