Home/ Questions/Q 8541565
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T11:51:39+00:00

Consider the following html document: <!DOCTYPE html> <html> <head> <script type=text/javascript> alert(Hello) </script> </head>

  • 0

Consider the following html document:

<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
alert("Hello")
</script>
</head>
</html>

The result of opening in Firefox, Safari and Chrome is the same in my macbook: an alert message displays “Hello”. I was reading this answer to try to understand the behavior of the browers. The main part is:

Since the contents of tags are treated as CDATA, the contents are not parsed and you can store unquoted XML or HTML in the contents (as long as you don’t ever put a </script> tag in the contents, since that will close your element).

Lets try what happens when we see the source in Firefox:

source code screenshot with </script> in the alert call

The output in the browser it shows is ") since it thinks that the script tag was closed
inside alert. One way to overcome this in case we really, really want to display "</script>" is to do:

<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
alert("<"+"/script>")
</script>
</head>
</html>

Now Firefox understands it:

source code screenshot with "</" + "script>" in the alert call

Question:

It is really simple for the parser to check if </script> is the closing part. It does take more
time to check this but it is doable (count the number of quotes before the encounter of </script>. If it is even then it is the closing tag, otherwise continue looking for the closing tag). The question is, is this a rule that we cannot write "</script>" inside javascript? If so, what other subtle rules are out there that I might not be aware of?

The same goes for say php parsers. <?php echo "?>" ?>. I have tested this and php seems to know where the real ?> is located.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Correct, you cannot write "</script>" within inline Javascript, but you can write "<\/script>". In an external Javascript file, you don’t have that limitation.

    The Javascript engine will see "</script>" as the end of the script, regardless of the context it appears.

    As long as you are using HTML and not XHTML, that is the only real gotcha.

    XHTML, served as an XHTML file[1] has a few more gotchas, including -- being the beginning and end of XHTML comment.

    [1] Very little XHTML stuff is actually served XHTML. It us usually served as HTML and then processed by a tag-soup parser than can make sense of everything from HTML comments embedded and even CDATA tags that don’t belong.

    • 0