Welcome to WebmasterWorld Guest from 18.232.53.231

Forum Moderators: open

Message Too Old, No Replies

document.write('<SCR' + 'IPT>'), why?

why not use document.write('<SCRIPT>') directly

     
6:38 am on Dec 17, 2004 (gmt 0)

Full Member

10+ Year Member

joined:Jan 19, 2003
posts:324
votes: 0


I just got some AD code which uses js inside another js like this:
document.write('<SCR'+'IPT src=http://www.something.com/sample.js'><\/SCR'+'IPT>');

1. why they split the <SCRIPT> tag into '<SCR' and 'IPT>'? I tried to write '<SCRIPT>' and '</SCRIPT>' strings directly, without any problem.
2. They use '\' before /SCR (<\/SCR'+'IPT>');, why?

7:20 am on Dec 17, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 3, 2003
posts:792
votes: 0


Depending on the browser, the amount of other preceding javascript, and how well-formed the overall code is, this is done to prevent the parser from interpreting the <script> and </script> tags as executeable code rather than as a string to be written.

I have found that it just saves headaches down the road if you do this when using script to write script tags.

8:57 am on Dec 17, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 2, 2003
posts:3710
votes: 0


Browsers may interpret </ as </script>. To prevent this use write('<\/tagname'). There is no need to split the string provided it is escaped (using backslash).

Kaled.

9:39 am on Dec 17, 2004 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 13, 2003
posts:1053
votes: 3


Norton AntiVirus/Firewall also add some code after <script> (or </script> - can't remember which) to surpress error messages.

Putting this code after '<scr'+'ipt>' actually causes an error, so people who use <script> inside <script>s, split it up so Norton ignores it.

11:44 am on Dec 17, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Nov 24, 2004
posts:46
votes: 0


surely, if you code document.write('<script type="text/javascript" src="whatever.js"></script>'); you won't have any problems.

i really don't see how splitting that up would cause problems, after all it's just printing a string.

12:33 pm on Dec 17, 2004 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 13, 2003
posts:1053
votes: 3


it's just printing a string

Yes, it's just printing a string. But before it 'just' prints the string, Norton amends it.

Then it does not 'just' amend a string, but creates all kinds of errors after it converts it to something like:


document.write('<SCRIPT src=http://www.something.com/sample.js'><!--

function SymError()
{
return true;
}

... etc ...

//--><\/SCRIPT>');

As you can see the JS is split over several lines and if Norton inserts a ' or " character, errors occur.

1:49 pm on Dec 17, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 3, 2003
posts:792
votes: 0


surely, if you code document.write('<script type="text/javascript" src="whatever.js"></script>'); you won't have any problems.
i really don't see how splitting that up would cause problems, after all it's just printing a string.

That's the theory. In practice, things can happen so that the script tags in your string get executed right away and causes errors. No I can't post code that does it because I don't have any. But I have encountered it, and splitting the tags up is what fixed it. It was always a case of fixing someone else's code, or adding quick changes to existing code. No doubt there were some unclosed tags somewhere in the documents so the browser was confused. None the less, it happens.
2:20 pm on Dec 17, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Nov 24, 2004
posts:46
votes: 0


document.write is a dated way of doing this anyway:

instead, just add this to any other JS include:

window.onload=createScript;

function createScript()
{
var oNode=document.createElement("script");
document.getElementsByTagName("body")[0].appendChild(oNode);

oNode.setAttribute("id", "newScript", 0);
oNode.setAttribute("type", "text/javascript", 0);
oNode.setAttribute("src", "whatever.js", 0);
}

3:30 pm on Dec 17, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Nov 24, 2004
posts:46
votes: 0


the previous code i wrote, is better written as thus:


window.onload
{
with (document.getElementsByTagName("head")[0].appendChild(document.createElement("script")))
{
setAttribute("id", "newScript", 0);
setAttribute("type", "text/javascript", 0);
setAttribute("src", "whatever.js", 0);
}
}
3:51 pm on Dec 17, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 17, 2001
posts:1262
votes: 0


We have some legacy code specifically written out that way due to parsing differences among IE4 Win, IE4 Mac, and NS4, with the Mac being the primary culprit. It is generally not necessary to be so cautious (and verbose) these days.