top | item 44844290

(no title)

TOGoS | 6 months ago

> Not so fast, things are about to get messy

That ship sailed several paragraphs ago, when <script> got special treatment by the HTML parser. Too bad we couldn't all agree to parse <![CDATA[...]]> consistently, or, you know, just &-escape the text like we do /everywhere else/ in HTML.

discuss

forty|6 months ago

What's wrong with CDATA? Do you have concrete examples when that would not work?

TOGoS|6 months ago

As per the 'special parsing rules for script tags', browsers don't actually treat it as what you'd expect it means.

  <script>console.log("<![CDATA[Hello, this string content in a CDATA section!]]>");</script>

Results in this being output to the console:

  <![CDATA[Hello, this string content in a CDATA section!]]>

Browsers don't do what you intend if you wrap the whole script in CDATA, either. They treat the "<![CDATA[" sequence as literally part of the script! Which of course throws a syntax error.

I tend to use them anyway, as sort of a HTML/XHTML polyglot thing, because deep in my heart I still think HTML should be valid XML:

  <script>/* <![CDATA[ */
     // my script here, and you *still* need to be careful not
     // to include close-script or close-cdata sequences
  /* ]]> */</script>

In summary, the 'special parsing rules for script tags' add a great amount of complexity not just to the parsing code, but for anybody who has to emit markup, especially if different parsers disagree on what kind of escaping rules are active within a given section. Yes, the HTML5 spec codified the neurotypical "I would rather make you guess what I mean than just use the proper words to say it clearly" behavior, so at least browsers agree on it, but it's a mess and a pain to deal with because now you have to remember 1000 exceptions to what would have been simple rules.