All text in an XML document will be parsed by the parser.
But text inside a CDATA section will be ignored by the parser.
CDATA - (Unparsed) Character Data
The term CDATA is used about text data that should not be parsed by the XML parser.
Characters like "<" and "&" are illegal in XML elements.
"<" will generate an error because the parser interprets it as the start of a new element.
"&" will generate an error because the parser interprets it as the start of an character entity.
Everything inside a CDATA section is ignored by the parser.
A CDATA section starts with "
<![CDATA[" and ends with "
Use of CDATA in program output
CDATA sections in XHTML documents are liable to be parsed differently by web browsers if they render the document as HTML, since HTML parsers do not recognise the CDATA start and end markers, nor do they recognise HTML entity references such as
<script>tags. This can cause rendering problems in web browsers and can lead to cross-site scripting vulnerabilities if used to display data from untrusted sources, since the two kinds of parsers will disagree on where the CDATA section ends.
Also, see the Wikipedia entry on CDATA.
CDATA has no meaning at all in HTML.
CDATA is an XML construct which sets a tag's contents that is normally #PCDATA - parsed character data, to be instead taken as #CDATA, that is, non-parsed character data. It is only relevant and valid in XHTML.
It is used in
script tags to avoid parsing
&. In HTML, this is not needed, because in HTML,
script is already #CDATA.
CDATA is Obsolete.
Note that CDATA sections should not be used within HTML; they only work in XML.
So do not use it in HTML 5.
A way to write a common subset of HTML and XHTML
In the hope of greater portability.
<script> is magic escapes everything until
So you can write:
<script>x = '<br/>';
<br/> won't be considered a tag.
This is why strings such as:
x = '</scripts>'
must be escaped like:
x = '</scri' + 'pts>'
But XML (and thus XHTML, which is a "subset" of XML, unlike HTML), doesn't have that magic:
<br/> would be seen as a tag.
<![CDATA[ is the XHTML way to say:
don't parse any tags until the next
]]>, consider it all a string
// is added to make the CDATA work well in HTML as well.
// is used to comment it out.
The XHTML also sees the
//, but will observe it as an empty comment line which is not a problem:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
But that violates the golden rule of the Internet:
don't trust third parties, or your product will break
CDATA is a sequence of characters from the document character set and may include character entities. User agents should interpret attribute values as follows: Replace character entities with characters,
Ignore line feeds,
Replace each carriage return or tab with a single space.
©2020 All rights reserved.