|
|
Posted by Michael Winter on 10/13/06 17:32
Jeffrey wrote:
[snip]
> alert("<script>function foo() { alert("Hello!"); }</script>");
You cannot nest quotation marks like that. You either need to escape the
inner pair, or change one of them to single quotes (').
[snip]
> According to this page, I should expect this behavior because ending
> HTML tags are not allowed to appear within <script> tags:
> http://www.htmlhelp.com/tools/validator/problems.html#script
Indeed, though more precisely, there can be no ETAGO (</) tokens
followed by a NAME character (that is, anything that looks like an
end-tag). This is because a HTML parser will be looking for these when
trying to find the end of the element; it doesn't need to look for an
end-tag that matches the start-tag because some end-tags are optional
whilst others are forbidden.
The document you cite tells you how to avoid the problem: escape the
backslash to break apart the ETAGO (<\/).
> But my problem is that some very popular websites, seem to violate
> this ...
Popular websites often do stupid things, but the sheer weight of their
popularity often means that they can get away with it. It's not
something to emulate though, if anyone was thinking along those lines.
[snip]
Mike
Navigation:
[Reply to this message]
|