0

I have an ASP.NET MVC view model that I need to pass to a JavaScript function when the page loads, and I'm currently doing that like so:

<script type="text/javascript">
    $(window).on("load", function () {
        myFunction(@Html.Raw(JsonConvert.SerializeObject(Model)));
    });
</script>

In other words, I'm using JSON.NET to serialize the model to JSON, and inserting that (un-encoded) into my <script> block.

When rendered, the script block ends up looking something like:

<script type="text/javascript">
    $(window).on("load", function () {
        myFunction({"myProperty": "the property value"});
    });
</script>

That works, up to a point. But when my model contains a string property that whose text includes HTML tags *, these confuse the browser into thinking that the <script> block has ended, and the browser starts rendering the tags embedded in the view model.

  • Edit: per the comments, this only happens if there's a </script> tag.

For example:

<script type="text/javascript">
    $(window).on("load", function () {
        myFunction({"myProperty": "<script>...</script>"});
    });
</script>

How can I solve this?

Improve this question
17
  • 1
    @Jamiec you're wrong, browers do do that. They look for </script> and just end the script. Commented Jun 8, 2017 at 11:25
  • @Jamiec: well, in this case, both IE11 and Chrome exhibit the same behaviour. It's worth mentioning that the JSON fragment is very large, and the problematic text is an entire HTML document, which may have a bearing on whether the browser says "surely there must have been a missing end-tag or quote". Commented Jun 8, 2017 at 11:27
  • 1
    @Jamiec you're correct, it only breaks on the specific string </script>. The sample code is wrong. Commented Jun 8, 2017 at 11:30
  • 1
    As I can demonstrate (here) there is nothing whatsoever wrong with the code you posted. This is why we ask for a minimal reproducible example before answering code questions - so we're clear what the problem is. From your question, there is no problem. If you demonstrated that it was a </script> tag which causes the problem, then we have a question! Commented Jun 8, 2017 at 11:35
  • 1
    @GaryMcGill had you made a real runnable example ... you would have found out that it works fine without a script tag Commented Jun 8, 2017 at 11:40

1 Answer 1

Reset to default
2

This is a know problem. PHP's json_encode function encodes / as \/ to avoid exactly this problem.

A straightforward solution is to write your own JSON encode wrapper-function that replaces </script> by <\/script> after JSON encoding.

Maybe there is a better solution though, I'm not familiar with asp.net.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.