Script tag contents are HTML escaped
As of the latest master the contents of script tags are HTML escaped.
+ expected - actual
+"<!doctype html>\n<html>\n <body>foo\n<script>var $serverCache = {\"http://localhost:51205/\": {\"data\":\"get!\"}};</script></body>\n</html>\n"
-"<!doctype html>\n<html>\n <body>foo\n<script>var $serverCache = {&quot;http://localhost:51205/&quot;: {&quot;data&quot;:&quot;get!&quot;}};</script></body>\n</html>\n"
Issue Analytics
- Created 9 years ago
- Comments:14 (10 by maintainers)
Top GitHub Comments
The next release will allow you to pass decodeEntities: false, resulting in the desired behavior.
Felix
What we are doing might be an edge case, but we use cheerio to parse and build a Swig template for rendering on the server. And v0.16 starts to escape this line:
<title>{{__("i18n text")}}</title>
into
<title>{{__(&quot;i18n text&quot;)}}</title>
which causes Swig to choke. I am wondering if this is a supported use case in the future? Or can we turn off such escaping with a setting? (Apologies if I overlooked something trivial.)
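Added example (not part of the issue thread and not cheerio code): it shows why entity-escaping the `$serverCache` script from the report breaks it, since HTML does not decode entities inside `<script>`, and goes one step further than the issue by showing how JSON can be embedded in an inline script without entity escaping. All function names are hypothetical, the parser model is simplified, and the second sample value is constructed.

```javascript
// Added illustration; none of these functions are cheerio APIs.

// Entity escaping as a serializer applies it to ordinary text nodes.
function htmlEscape(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
    .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Simplified model of the HTML parser: inside <script> no entities are
// decoded, and the text ends at the first "</script" followed by
// whitespace, "/" or ">".
function scriptTextAsParsed(html) {
  const open = /<script>/i.exec(html);
  if (!open) return null;
  const rest = html.slice(open.index + open[0].length);
  const close = /<\/script[\t\n\f\r \/>]/i.exec(rest);
  return close ? rest.slice(0, close.index) : rest;
}

// JSON for an inline script: "<" becomes \u003c, so the text can never
// contain "</script" or "<!--" and still evaluates to the same value.
function jsonForScript(value) {
  return JSON.stringify(value).replace(/</g, '\\u003c');
}

// Compile (without running) the source to see whether it is valid JavaScript.
function isValidJs(src) {
  try { new Function(src); return true; } catch (e) { return false; }
}

function inlineScript(jsonText) {
  return '<body>foo\n<script>var $serverCache = ' + jsonText + ';</script></body>';
}

function demo() {
  const cache = { 'http://localhost:51205/': { data: 'get!' } }; // from the issue
  const tricky = { data: '</script><p>early end' };              // constructed
  const parsed = (json) => scriptTextAsParsed(inlineScript(json));
  const safe = parsed(jsonForScript(tricky));
  return {
    entityEscaped: isValidJs(parsed(htmlEscape(JSON.stringify(cache)))), // false
    rawJson: isValidJs(parsed(JSON.stringify(tricky))),                  // false
    safeJson: isValidJs(safe),                                           // true
    roundTrip: new Function(safe + ' return $serverCache;')().data,
  };
}

console.log(demo());
```
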