</script>在 <script> 中的 JavaScript 字符串中标签 [英] </script> within a JavaScript string in a <script> tag
问题描述
我有一个应用程序,可以将各种内容生成到放置在页面上的 JavaScript 字符串中.我以为所有的转义都可以,但后来我遇到了一个奇怪的问题,我真的找不到原因:
I have an app that can generate all sorts of things into the JavaScript strings put on the page. I thought all the escaping were ok, but then I came across a weird problem that I couldn't really find a reason for:
这在 html 页面中不应该是合法的:
Shouldn't this be legal in an html page:
<script type="text/javascript">
alert("hello </script>");
</script>
'Legal' 意味着它会产生一个带有 hello </script> 的警报.
'Legal' meaning that it would produce an alert with hello </script>.
显然,至少在我的机器上,moz 和 chrome 都会在警报字符串的 </script> 部分之后切断脚本,不产生警报并且输出混乱.有没有人遇到过这个,这是浏览器的错误吗?
Apparently both moz and chrome, on my box at least, cuts the scripting off after the </script> part of the alert string, producing no alert and a messy output. Has anyone run into this, is this a browser bug?
推荐答案
HTML 解析为:
<script type="text/javascript">
alert("hello
</script>
");
</script>
第一次出现 时关闭打开的
