nitotm
Reputation: 579
document.title escapes Html, is this standard and solid across all browsers?
If I pre-escape my title string 'cats & dogs' to be set with JavaScript doing document.title='cats & dogs'; I will get exactly that in the Title, and 'cats & dogs' in the Html.
So obviously the correct is to pass an unescaped string to document.title, but I want to be reassured and ask if this is reliable and safe across all Browsers, and no browser would ever set something like <script> unescaped.
Upvotes: 0
Views: 438
Answers (1)
Steven Lambert
Reputation: 5891
The HTML spec for document.title says to use string replace all when setting the value. This means it creates a Text node and sets the contents as the desired value. Since Text nodes cannot contain HTML, you should be safe in all browsers.
Upvotes: 1
Related Questions
- special characters in title tag
- Escape single quotes in title
- Making document.title untouchable for Javascript
- Does javascript's "document.title" method get indexed by search engines
- HTML "title" attribute: any limitation on which tag to apply it on?
- Can UTF-8 encoded characters be used in a page title?
- why does the HTML symbol for ▶ not work in document.title
- HTML symbol as page title with Javascript
- Set &raquo; HTML entity in JavaScript's document.title?
- Do you need to HTML encode Title tags?