The easiest and safest way to avoid the rather strange restrictions described in
this section is to always escape an ASCII case-insensitive match for "<!--" as "<\!--", "<script" as "<\script", and "</script" as "<\/script" when these sequences appear
+ data-x=""><!--" as "\x3C!--", "<script" as "\x3Cscript", and "</script" as "\x3C/script" when these sequences appear
in literals in scripts (e.g. in strings, regular expressions, or comments), and to avoid writing
code that uses such constructs in expressions. Doing so avoids the pitfalls that the restrictions
in this section are prone to triggering: namely, that, for historical reasons, parsing of
@@ -59551,8 +59551,8 @@ console.log(example);
avoided entirely:
<script>
- // Note: `\s` is an escape sequence for `s`.
- var example = 'Consider this string: <\!-- <\script>';
+ // Note: `\x3C` is an escape sequence for `<`.
+ var example = 'Consider this string: \x3C!-- \x3Cscript>';
console.log(example);
</script>
<!-- this is just a comment between script blocks -->