</script> tag inside of string causes Uncaught SyntaxError: Unexpected token ILLEGAL
3,512 views
Skip to first unread message
jbasdf
Dec 6, 2010, 6:30:32 PM12/6/10
to Chromium-extensions
I have the following code inside a function in my background.html
page:
widgets['fb_comments'] = {'css_class': 'facebook', 'name': 'Facebook
Comments', 'code': '<div class="oerglue-widgets-widget"><div id="fb-
root"></div><{script} src="http://connect.facebook.net/en_US/
all.js#appId=APP_ID&xfbml=1"></{script}><fb:comments xid="{id}"
numposts="10" width="425" publish_feed="true"></fb:comments></div>' };
With that code in place I get:
Uncaught SyntaxError: Unexpected token ILLEGAL
Just to be sure I tried it with a simpler script and got the same
error:
widgets['test'] = '<script></script>';
I thought that I could put anything inside a string that I wanted but
I'm guessing I missed something in the security documentation. Has
anyone seen this before?
Thanks,
Justin
page:
widgets['fb_comments'] = {'css_class': 'facebook', 'name': 'Facebook
Comments', 'code': '<div class="oerglue-widgets-widget"><div id="fb-
root"></div><{script} src="http://connect.facebook.net/en_US/
all.js#appId=APP_ID&xfbml=1"></{script}><fb:comments xid="{id}"
numposts="10" width="425" publish_feed="true"></fb:comments></div>' };
With that code in place I get:
Uncaught SyntaxError: Unexpected token ILLEGAL
Just to be sure I tried it with a simpler script and got the same
error:
widgets['test'] = '<script></script>';
I thought that I could put anything inside a string that I wanted but
I'm guessing I missed something in the security documentation. Has
anyone seen this before?
Thanks,
Justin
PhistucK
Dec 7, 2010, 2:36:10 AM12/7/10
to jbasdf, Chromium-extensions
You cannot have a "</script>" inside a JavaScript code within <script></script>. This is true for regular web pages and not only with Chrome. Add a backslash before the forward slash and it should disappear, I think (or use \XXX escapes for < and >).
☆PhistucK
--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To post to this group, send email to chromium-...@chromium.org.
To unsubscribe from this group, send email to chromium-extens...@chromium.org.
For more options, visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/?hl=en.
jbasdf
Dec 8, 2010, 12:52:14 AM12/8/10
to Chromium-extensions
I knew I had to be doing something stupid. <\/script> works great.
Thanks!
Justin
On Dec 7, 12:36 am, PhistucK <phist...@gmail.com> wrote:
> You cannot have a "</script>" inside a JavaScript code within
> <script></script>. This is true for regular web pages and not only with
> Chrome. Add a backslash before the forward slash and it should disappear, I
> think (or use \XXX escapes for < and >).
>
> ☆*PhistucK*
> > .
Thanks!
Justin
On Dec 7, 12:36 am, PhistucK <phist...@gmail.com> wrote:
> You cannot have a "</script>" inside a JavaScript code within
> <script></script>. This is true for regular web pages and not only with
> Chrome. Add a backslash before the forward slash and it should disappear, I
> think (or use \XXX escapes for < and >).
>
>
>
>
>
>
>
>
> On Tue, Dec 7, 2010 at 01:30, jbasdf <justinb...@gmail.com> wrote:
> > I have the following code inside a function in my background.html
> > page:
>
> > widgets['fb_comments'] = {'css_class': 'facebook', 'name': 'Facebook
> > Comments', 'code': '<div class="oerglue-widgets-widget"><div id="fb-
> > root"></div><{script} src="http://connect.facebook.net/en_US/
> > all.js#appId=APP_ID&xfbml=1"></{script}><fb:comments xid="{id}"
> > numposts="10" width="425" publish_feed="true"></fb:comments></div>' };
>
> > With that code in place I get:
> > Uncaught SyntaxError: Unexpected token ILLEGAL
>
> > Just to be sure I tried it with a simpler script and got the same
> > error:
> > widgets['test'] = '<script></script>';
>
> > I thought that I could put anything inside a string that I wanted but
> > I'm guessing I missed something in the security documentation. Has
> > anyone seen this before?
>
> > Thanks,
> > Justin
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Chromium-extensions" group.
> > To post to this group, send email to chromium-extensi...@chromium.org.
>
>
>
>
>
>
> On Tue, Dec 7, 2010 at 01:30, jbasdf <justinb...@gmail.com> wrote:
> > I have the following code inside a function in my background.html
> > page:
>
> > widgets['fb_comments'] = {'css_class': 'facebook', 'name': 'Facebook
> > Comments', 'code': '<div class="oerglue-widgets-widget"><div id="fb-
> > root"></div><{script} src="http://connect.facebook.net/en_US/
> > all.js#appId=APP_ID&xfbml=1"></{script}><fb:comments xid="{id}"
> > numposts="10" width="425" publish_feed="true"></fb:comments></div>' };
>
> > With that code in place I get:
> > Uncaught SyntaxError: Unexpected token ILLEGAL
>
> > Just to be sure I tried it with a simpler script and got the same
> > error:
> > widgets['test'] = '<script></script>';
>
> > I thought that I could put anything inside a string that I wanted but
> > I'm guessing I missed something in the security documentation. Has
> > anyone seen this before?
>
> > Thanks,
> > Justin
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Chromium-extensions" group.
> > To unsubscribe from this group, send email to
> > chromium-extensions+unsubscr...@chromium.org<chromium-extensions%2Bunsubscr...@chromium.org>
> > .
Reply all
Reply to author
Forward
0 new messages