12

What is the real reason that we must escape a forward slash in a JavaScript string, and also why must we escape string/no string in XHTML. A lot of tutorials just brush over this issue.

Jonathan Leffler
  • 730,956
  • 141
  • 904
  • 1,278
rubixibuc
  • 7,111
  • 18
  • 59
  • 98

3 Answers3

15

What is the real reason that we must escape a forward slash in a JavaScript string

In an HTML 4 document, the sequence </ inside an element defined as containing CDATA (such as script) is an end tag and will end the element (with an error if it is not </script>.

As far as JS is concerned / and \/ are identical inside a string. As far as HTML is concerned </ starts an end tag but <\/ does not.

, and also why must we escape string/no string in XHTML.

XHTML doesn't provide a method of specifying that an element intrinsically contains CDATA, so you need to explicitly handle characters which would otherwise have special meaning (<, &, etc). Wrapping the contents of the element with CDATA markers is the easiest way to achieve this.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • So we never have to escape a single forward slash, only a ? whether it is XHTML inside a string or outside a string? Thanks :-) – rubixibuc May 24 '11 at 23:18
  • In other words in XHTML when must we escape a forward slash? – rubixibuc May 24 '11 at 23:20
  • In "normal" XHTML (which nobody uses), never. In HTML-compatible XHTML (which everybody who wants IE 8 and lower to be supported uses), the same places as in HTML. – Quentin May 24 '11 at 23:21
  • So, @rubixibuc, to recap, and make it clear: "So we never have to escape a single forward slash, only a ?". Correct. – Sz. Nov 28 '17 at 23:41
3

You don't need to escape / in a JavaScript string, just \, because if you don't, then the string yes\no will inadvertently be transformed into yes<newline>o. Escaping the \ will prevent that.

Also, if you don't escape & in a URL, then whatever comes after it will be considered a new parameter. For example, a=Q&A will mean "the parameter a has the value "Q" and there's also a parameter A" instead of "the parameter a has the value "Q&A"". The correct way of escaping that would be a=Q%26A.

rid
  • 61,078
  • 31
  • 152
  • 193
0

The slash is needed to prevent browsers, particularly older ones, to erroneously interpret the forward slash as a closing JavaScript marker.

densho
  • 39
  • 2