On Thu, Jan 22, 2009 at 2:46 PM, Lev Epshteyn <[email protected]> wrote:
> I found a strange bug in shindig while adding a checkbox to sample > container > to support non-minified JS output. > > In the templates feature JS, some of our comments include usage examples, > which contain the string "</script>". > > This is not a problem for a .js file, but when Shindig inlines this content > into a <script> block, the string causes all sorts of havoc in the browser, > causing it to terminate the script block prematurely. > > While this isn't an issue in minified mode, where comments get stripped > off, > I am wondering if the problem can also occur if I have a closing script tag > inside a string literal. I haven't actually tested this, so it's entirely > possible that Shindig is smart enough to handle this edge case. This isn't a "shindig bug", it's a well known browser limitation. Always escape the string "</script>" as "<\/script>" in javascript. Contrary to common belief, you don't need to do bizarre things like concatenating <scr and ipt>. Simply escaping the forward slash is sufficient.
