wayf.jsp: wrong JavaScript wrapping
Activity
Sorry, I should have just closed this one out immediately; I didn't really read it that closely. It is, at best, spec-lawyering and at worst something else. There is nothing wrong with using the HTML comments.
The issue, of course, is that you need to make sure unescaped stuff isn't picked up by the HTML parser. There are two ways you can do that.
<javascript>
<!--
... script ...
-->
</javascript>
or
<javascript>
<![CDATA[
... script ...
]]>
</javascript>
Both are technically correct. In the former case the HTML parser provides the comment to the JavaScript engine, which peels off the comment tags and processes it. In the latter case the HTML parser parses the content but with various flags turned on to basically suspend parser token generation until the "]]>" is reached. This has implications for how each method treats things like "<". So, I think if you use the escaped strings for one and the unescaped strings for the other you'll end up with the same thing.
So this has me flummoxed.
We currently generate the following
<script yadder yadder yadder/>
<!--
javascript
-->
</script yadder yadder/>
So the JavaScript is already in an XML comment and surely it's not liable for further interpretation.
Nothing deterred, I tried the three following
1)
<script yadder yadder yadder/>
<!--
<![CDATA[
javascript
]]>
-->
</script yadder yadder/>
2)
<script yadder yadder yadder/>
<![CDATA[
<!--
javascript
-->
]]>
</script yadder yadder/>
3)
<script yadder yadder yadder/>
<![CDATA[
javascript
]]>
</script yadder yadder/>
And none of them work (IE or Firefox), so I am misunderstanding the problem statement.
If you go into the JavaScript and try to put in something like opt = new Option ("Texas A &lt; M University") (which the escaping would require), then this ends up in the pick list as "Texas A &lt; M University". Which confirmed my suspicion that the comments are doing the work for us.
Over to Chad for elucidation or closing.
See http://www.w3.org/TR/xhtml1/#prohibitions: "In XHTML, the script and style elements are declared as having #PCDATA content.
As a result, < and & will be treated as the start of markup, and entities such as &lt; and &amp; will be recognized as entity references by the XML processor to < and & respectively.
Wrapping the content of the script or style element within a CDATA marked section avoids the expansion of these entities."
Use
<script type="text/javascript">
/* <![CDATA[ */
... unescaped script content ...
/* ]]> */
</script>
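
An added example, not part of the original thread: Python's xml.dom.minidom stands in here for an XML processor reading an XHTML page, to show what character data the script element actually carries under each wrapping discussed above. The sample script line, the variant names and the function name are constructed for illustration.

```python
from xml.dom import Node, minidom
from xml.parsers.expat import ExpatError

# Constructed sample: one script line containing both "<" and "&".
JS = 'if (a < b && c) { pick("Texas A & M"); }'

# The same script wrapped the ways discussed in this issue (constructed markup).
VARIANTS = {
    "comment": "<script><!--\n%s\n--></script>" % JS,
    "cdata": "<script><![CDATA[\n%s\n]]></script>" % JS,
    "commented_cdata": "<script>/* <![CDATA[ */\n%s\n/* ]]> */</script>" % JS,
    "escaped": "<script>\n%s\n</script>"
               % JS.replace("&", "&amp;").replace("<", "&lt;"),
    "bare": "<script>\n%s\n</script>" % JS,
}


def script_text_seen_by_xml_parser(markup):
    """Return the character data an XML parser finds inside <script>.

    Returns None when the markup is not well-formed XML. Comment nodes are
    not character data, so a comment-wrapped script yields an empty string.
    """
    try:
        script = minidom.parseString(markup).documentElement
    except ExpatError:
        return None
    wanted = (Node.TEXT_NODE, Node.CDATA_SECTION_NODE)
    return "".join(n.data for n in script.childNodes if n.nodeType in wanted)


if __name__ == "__main__":
    for name, markup in VARIANTS.items():
        text = script_text_seen_by_xml_parser(markup)
        if text is None:
            print("%-16s not well-formed XML" % name)
        else:
            print("%-16s %r" % (name, text.strip()))
```

These results apply only when the page is handled by an XML processor; a browser parsing the same page as text/html reads script content as raw text and does not expand entities inside it.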