Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If you put it in a script tag you need to ensure you escape </script>. Though, it is probably safer to escape <, >, and & just to be sure.


The </script> issue is why JSON and Javascript both allow you to escape the slash character with a backslash.

So just going <\/script> is enough.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: