1

var c= {"Content":"</SCRIPT>"}

Gives parser error in Chrome. Escaping works ... </SCRIPT>

https://jsfiddle.net/OndrejSpilka327/banr9836/

Is it really chrome bug?

EDIT I don't think the argumentation is correct. HTML parser should have nothing to do with JavaScript parser. First of all, whatever is enclosed in should be parsed as JavaScript, not HTML. This is definitely wrong implementation of HTML parser.

For your curiosity:

var c= {"Content":"<SCRIPT></SCRIPT>"}
console.log(c.Content);

Produces the sam error in JSFiddle...and this is definitely well formed.

Again one can argue that SCRIPT tag can't occur inside outer SCRIPT tag, however whatever is enclosed in SCRIPT tags should be parsed as script not as HTML and especially if escaped in a regular string literal.

Such an argumentation only advocates bad implementation.

Obviously the behaviour produces errors when working with custom content serialized to json and persisted in SCRIPT tag.

Just curious what tags you removed Felix and why?

OSP
  • 1,458
  • 1
  • 14
  • 15
  • An object literal is not the same as JSON. You don’t have JSON here. – Felix Kling Oct 17 '17 at 14:17
  • Well this object literal is JSON compatible. But to be precise, yes, this is object literal. Makes no difference. – OSP Oct 18 '17 at 18:37
  • 1
    "First of all, whatever is enclosed in `` should be parsed as JavaScript, not HTML. This is definitely wrong implementation of HTML parser." — No. The JavaScript is **inside** the HTML. You either need to parse the HTML (here is the start tag, here is a text node, here is the end tag, now pass the text node to the JS parser to be treated as JS) or you need to recognise the start tag and then switch to parsing JS until you reach the end of the JS which has no way to mark "the end of the JS" so that's impossible and HTML+JS are consequently not designed to be parsed like that. – Quentin Oct 18 '17 at 18:50
  • I disagree with the marking of duplicate on this. – boatcoder Oct 31 '17 at 12:53

1 Answers1

2

No it’s not a Chrome bug. The HTML parser doesn’t know anything about JavaScript, it will close the <script> tag at the first occurrence of </script> that it finds. If that’s in the middle of a JavaScript program you end up with an invalid program.

Any character sequence that has a special meaning but should not interpreted with that special meaning needs to be escaped or split up.

See also Why split the <script> tag when writing it with document.write()?

Felix Kling
  • 795,719
  • 175
  • 1,089
  • 1,143
  • Well I don't think your explanation is correct. First of all, whatever is enclosed in should be parsed as JavaScript, not HTML. This is definitely wrong implementation. Secondly, this code produces the same error: – OSP Oct 18 '17 at 18:16
  • 1
    *"whatever is enclosed in should be parsed as JavaScript, not HTML"* It's not an HTML parsers job to parse JavaScript. In order to get the JavaScript code, the HTML document has to parsed first. That's the HTML parsers job. It then hands off the content of ` – Felix Kling Oct 18 '17 at 20:03
  • Maybe this simplified example helps: Consider string literals in JavaScript and this example: `var str = "He said: "Get out"";`. JavaScript is not going to be able to parse this because it thinks the string literal ends at the second `"`. JavaScript *doesn't understand the content of string*, similar to how the HTML parser doesn't understand the content of the ` – Felix Kling Oct 18 '17 at 20:23
  • ok, acceptable answer ;) What works is escaping with \. So <\/SCRIPT> is parsed well and works ok as well. – OSP Oct 19 '17 at 17:30