0

I can't find out what the problem is with this line of code:

…sc', '<h4 class="vtem_news_show_title">Nesmet El Bouhaira</h4>');$('#vtem1 img…

This is the error message I receive:

**document type does not allow element "h4" here**

What do I need to change?

This is the whole <script>:

<script type="text/javascript">
    var vtemnewsshow = jQuery.noConflict();
    (function($) {
        $(document).ready(function() {
            $('#vtem0 img').data('ad-desc', '<h4>Nesmet El Bouhaira</h4>');
            $('#vtem1 img').data('ad-desc', '<h4>Tunis Mall 1</h4>');
            $('#vtemnewsshowid89-newsshow').adGallery({
                loader_image: 'http://laselection-immobiliere.com/modules/mod_vtem_news_show/images/loading.gif',
                update_window_hash: false,
                start_at_index: 0,
                bottompos: 20,
                thumb_opacity: 0.8,
                animation_speed: 400,
                width: '970',
                height: '340',
                display_next_and_prev: 1,
                display_back_and_forward: 0,
                slideshow: {
                    autostart: 1,
                    speed: 5000
                },
                effect: 'slide-hori', // or 'slide-vert', 'fade', or 'resize', 'none'
                enable_keyboard_move: 1,
                link_target: '_self'
            });
        });
    })(jQuery);
</script>
Linus Kleen
  • 31,276
  • 11
  • 85
  • 97
Boytun
  • 43
  • 10

1 Answers1

-3

If your Javascript contains HTML tags, a validator considers these part of the document, unless you prefix your code like this:

<script type="text/javascript">
//<![CDATA[
jQuery.data(element, '<h1>Hello, world.</h1>');
//]]>
</script>

You might have come across another way to resolve this issue:

<script type="text/javascript">
jQuery.data(element, '<' + 'h1>Hello, world.<' + '/h1>');
</script>

This basically chops the string to "hide" the tags from a validator. It makes code harder to read and I'd never prefer this "hack" to the CDATA solution.

Please have a look at this question, which is rather old but has a lot of answers.

Community
  • 1
  • 1
Linus Kleen
  • 31,276
  • 11
  • 85
  • 97
  • 5
    There's so much wrong with this answer. First of all: `document.write`. Secondly: `document.write`. Did I mention `document.write`? – Cerbrus Oct 29 '14 at 09:10
  • @Cerbrus - What's wrong with this answer isn't `document.write`, even before the edit. – Alohci Oct 29 '14 at 09:16
  • 2
    `console.log()` some `` makes no sense while [`document.write()`](http://stackoverflow.com/a/802943/731947) – CSᵠ Oct 29 '14 at 09:28
  • @Cerbrus This is an *example* to make a point about escaping the output not a best-use case example of how to get content into the document. Your downvote and the edit in particular are invalid. The latter I've rolled back. – Linus Kleen Oct 29 '14 at 09:57
  • 1
    @LinusKleen so by your logic, it's fine to introduce SQL/XSS/Shell injections into my examples, because they're just examples and there's **no way** that ***anyone*** would ***ever*** copy and paste it into his code, right? Even though there's no actual security vulnerability in your specific example, you're promoting `document.write` whether you want to or not. – Madara's Ghost Oct 29 '14 at 10:50
  • @Cerbrus et.al. Are you even aware of the OP's *question*? In case you're not, it's not "how do I append content to my DOM". The fact aside that your personal distaste of a function leads you to conclude the answer were "wrong", you give no basis for this. And since this question isn't about `document.write` and the OP uses jQuery, I changed it to jQuery. – Linus Kleen Oct 29 '14 at 11:32