SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Addict
    Join Date
    Dec 2005
    Posts
    276
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Scripts in XHTML

    Do inline <script> tags always need to use <![CDATA[ ]]>, or only if they use "<", ">" or "&"?
    "Never imagine yourself not to be otherwise than what
    it might appear to others that what you were or might
    have been was not otherwise than what you had been
    would have appeared to them to be otherwise."

  2. #2
    SitePoint Wizard bronze trophy Tyssen's Avatar
    Join Date
    Oct 2005
    Location
    Brisbane, QLD
    Posts
    4,067
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I thought it was the latter.

  3. #3
    SitePoint Author silver trophybronze trophy

    Join Date
    Nov 2004
    Location
    Ankh-Morpork
    Posts
    12,158
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You never need CDATA sections. They are merely practical because you don't have to escape certain characters to ensure well-formedness.

    If you choose not to use a CDATA section, you must make sure that all special characters are escaped using character references or using the five predefined entities.
    Birnam wood is come to Dunsinane

  4. #4
    bronze trophy
    Join Date
    Dec 2004
    Location
    Sweden
    Posts
    2,670
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just like any other data in XML, < and & need to be escaped either using CDATA section (when in content) or &lt; and &amp; respectively (can be used both in content and in attribute values). In addition, in content the string ]]> needs to be escaped as ]]&gt; and it cannot appear in a CDATA section. For obvious reasons, " in attribute values using " as delimiter needs to be escaped as &quot; and similarly ' as &apos; for attribute values using ' as delimiter. E.g.:
    Code:
    <script type="text/javascript>
    <![CDATA[
    /* < and & can be used here */
    ]]>
    </script>
    <script type="text/javascript">
    /* &lt; and &amp; can be used here */
    </script>
    <button onclick="/* &lt;, &amp; and &quot; have to be written as entities */">test</button>
    <button onclick='/* &lt;, &amp; and &apos; have to be written as entities */'>test</button>
    If you intend to serve XHTML as text/html, then &apos; cannot be used (because it isn't defined in HTML4) so &#39; can be used instead, and because SCRIPT is a CDATA element in HTML4 you cannot use entities in SCRIPT elements. Instead you need a CDATA section, but since SCRIPT already is a CDATA element things that look like marked sections (or comments, or any markup for that matter except end tags) are just interpreted as data and passed on to the script engine, so the markup constructs need to be commented out with the script's comment syntax, e.g.:
    Code:
    <script type="text/javascript">
    //<![CDATA[
    /* < and & can be used here */
    //]]>
    </script>
    Since any end tag closes the SCRIPT element according to SGML rules, the character sequence "</" followed by [a-zA-Z] can't appear inside SCRIPT when serving as text/html. It can normally be escaped as "<\/foo" in javascript.

    The use of <!-- ... //--> inside SCRIPT in HTML is a hack to hide the contents of the SCRIPT element from browsers that don't understand the tags, which effectively means Netscape 1.0 and Mosaic. (If browsers used SGML parsers and read the DTD then this hack wouldn't exist.) Since the SCRIPT element is CDATA, this isn't actually a comment but just data that is passed on to the script engine. The javascript engine knows about this hack so when a script starts with <!-- then that line is ignored by the engine. (In theory, if it was a treated as a real comment then any occurance of "--" inside the script would terminate the comment (according to SGML rules) but neither Mosaic nor Netscape 1.0 implemented comments according to SGML rules so this is a non-issue.)

    In XML, SCRIPT is a PCDATA element just like any other element, so the use the above hack in XHTML will literally result in the script being commented out (and thus isn't passed on to the script engine). Any occurance of -- inside comments obviously causes a parse error in XML.
    Simon Pieters


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •