Understanding and Escaping <script> Tag Parsing Rules in HTML
By
dmsnell
9mo ago· 7 min readen
100/100
Golden Brown
Bagelometer↗
The kind of bagel that ruins lesser bagels for you.
Score100Typehow-toSentimentneutral
Summary
The article explains the unintuitive parsing rules of <script> tags in HTML and how they can break webpages. It provides a straightforward method to escape JSON for script tags, citing the HTML standard's recommendation for escaping specific sequences like "<!--" and "<script". The post delves into the parsing rules to clarify why this method is effective.
Key quotes
· 2 pulledThe easiest and safest … is to always escape an ASCII case-insensitive match for “<!--” as “\x3C!--“, “<script” as “\x3Cscript“, and “</script” as “\x3C/script“…
<script> tags follow unintuitive parsing rules that can break a webpage in surprising ways.