In almost every tag in HTML, characters like < (start tag) and & (character escape) must be escaped.
However, inside of a <script> tag this does not seem to apply! I am able to define in HTML the characters plainly and also retrieve them using jQuery, for example var my_unescaped_text = $('script[type="text/mytexttype"]');
Are there any other tags that do this? Is there some way that I could possibly have this sort of thing become visible in a <pre> tag without using javascript? (yeah, I know, that definitely sounds like a tall order…)
What about <input> or <textarea> tags? One can definitely write these characters in a text input field, and that is visible and style-able (which satisfies my perhaps unclear goal). Is there anything else? The text I’m trying to display (pre-javascript processing) is Markdown and a <pre> is perhaps best suited for it though a <textarea readonly="readOnly"> could probably be made to look exactly like a <pre>.
You must always escape when embedding arbitrary text into HTML.
However, special rules apply for the content of the <script> tag, and they allow an unescaped < under certain conditions, namely, that it is not part of a </script>. Therefore, the correct encoding of "<" in JavaScript is "\u003c".

For security reasons, you shouldn’t use inline JavaScript in the first place. Instead, use data-attributes.
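Added example, not code from the question or the answer: the two embedding strategies the answer names, built as markup strings in JavaScript so they run under Node without a DOM. The Markdown sample, the attribute name data-markdown and the variable my_text are constructed for this demo.

```javascript
// Added example, not code from the question or the answer.
// Constructed Markdown sample; the "</script>" inside it is the case the answer warns about.
const SAMPLE_MARKDOWN = '# Title\n\nSome *text* with </script><b>not code</b> & <tags>';

// Encode text as a JavaScript string literal that is safe inside a <script> block:
// JSON.stringify handles quotes, backslashes and newlines; <, > and & are then
// replaced by \uXXXX escapes so the HTML tokenizer can never see "</script".
function escapeForScriptString(text) {
  return JSON.stringify(String(text))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// HTML-escape text for use inside a double-quoted attribute value, e.g. data-markdown="...".
function escapeForAttribute(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// The approach from the question: raw text dropped into a <script type="text/mytexttype"> block.
function naiveScriptBlock(text) {
  return '<script type="text/mytexttype">' + text + '</script>';
}

// Same data, but as an escaped JavaScript string literal (variable name is constructed).
function safeScriptBlock(text) {
  return '<script>var my_text = ' + escapeForScriptString(text) + ';</script>';
}

// The answer's recommendation: HTML-escaped text in a data-attribute, read later with
// element.dataset.markdown (the browser decodes the entities; no inline script needed).
function dataAttributeBlock(text) {
  return '<pre data-markdown="' + escapeForAttribute(text) + '"></pre>';
}

// The HTML tokenizer ends a script block at the first "</script" it sees, whatever the
// content, so more than one occurrence means the block terminates early.
function countScriptCloses(html) {
  return (html.match(/<\/script/gi) || []).length;
}
```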