Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m sorry the question title is so vague, but I was looking at some code from a Job posting boards conversion tracking software and ran across this for the first time.
document.write('<i' + 'mg height="1" ' +
'width="1" border="0" ' +
'src="' + url + '&ifr' + 'ame=0" />');
document.write('</ifr' + 'ame>');
Why are they breaking up the string literal in this manner? Specifically '</ifr'+'ame>'
When HTML parsers see certain tags, even when embedded in JavaScript strings, they’ll be parsed immediately as those tags.
Breaking them up avoids this behavior–
<script>is the one that usually causes problems; I agree with Mike that it shouldn’t be necessary foriframes (AFAIK no others, either, but I can’t speak to that with any authority).It’s also a trick to avoid being trivially parsed by crawlers.