What is CDATA in HTML? [duplicate]
This question already has an answer here:
When is a CDATA section necessary within a script tag?
All text in an XML document will be parsed by the parser.
But text inside a CDATA section will be ignored by the parser.
CDATA – (Unparsed) Character Data
The term CDATA is used about text data that should not be parsed by the XML parser.
Characters like “<” and “&” are illegal in XML elements.
“<” will generate an error because the parser interprets it as the start of a new element.
“&” will generate an error because the parser interprets it as the start of an character entity.
Everything inside a CDATA section is ignored by the parser.
A CDATA section starts with “
<![CDATA[” and ends with “
Use of CDATA in program output
CDATA sections in XHTML documents are liable to be parsed differently by web browsers if they render the document as HTML, since HTML parsers do not recognise the CDATA start and end markers, nor do they recognise HTML entity references such as
<script>tags. This can cause rendering problems in web browsers and can lead to cross-site scripting vulnerabilities if used to display data from untrusted sources, since the two kinds of parsers will disagree on where the CDATA section ends.
Also, see the Wikipedia entry on CDATA.
CDATA has no meaning at all in HTML.
CDATA is an XML construct which sets a tag’s contents that is normally #PCDATA – parsed character data, to be instead taken as #CDATA, that is, non-parsed character data. It is only relevant and valid in XHTML.
It is used in
script tags to avoid parsing
&. In HTML, this is not needed, because in HTML,
script is already #CDATA.
Since it is useful to be able to use less-than signs (<) and
ampersands (&) in web page scripts, and to a lesser extent styles,
without having to remember to escape them, it is common to use CDATA
markers around the text of inline and elements in
XHTML documents. But so that the document can also be parsed by HTML
parsers, which do not recognise the CDATA markers, the CDATA markers
A way to write a common subset of HTML and XHTML, in the hope of greater portability.
<script> is magic escapes everything until
So you can write:
<script>x = '<br/>';
<br/> won’t be considered a tag.
This is why strings such as:
x = '</scripts>'
must be escaped like:
x = '</scri' + 'pts>'
But XML (and thus XHTML, which is a “subset” of XML, unlike HTML), doesn’t have that magic:
<br/> would be seen as a tag.
<![CDATA[ is the XHTML way to say:
don’t parse any tags until the next
]]>, consider it all a string
// is added to make the CDATA work well in HTML as well.
// is used to comment it out.
The XHTML also sees the
//, but will observe it as an empty comment line which is not a problem:
- compliant browsers should recognize if the document is HTML or XHTML from the initial doctype
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
- compliant websites could rely on compliant browsers, and coordinate doctype with a single valid
But that violates the golden rule of the Internet:
don’t trust third parties, or your product will break
CDATA is Obsolete.
Note that CDATA sections should not be used within HTML; they only work in XML.
So do not use it in HTML 5.
CDATA is a sequence of characters from the document character set and may include character entities. User agents should interpret attribute values as follows:
Replace character entities with characters,
Ignore line feeds,
Replace each carriage return or tab with a single space.