document.write (DW): 

• Executes where encountered by User 

• Can be used for adding script elements 

• Only works while the page is loading; If you call it after the page is done loading, it will overwrite the whole page. 

Why It Is Used: 

• You can overwrite the entire content in a frame/iframe 

• Way to embed inline content from an external script (to host/domain)  

• It is the most reliable way for the content (Widget or Ad) to “know” where the HTML author intends for it to be placed. 

• Scripts can have a negative impact on page performance and modern browsers have taken to blocking scripts. DW can be used to inject and bypass these blocks. 

• It works everywhere, all the time 

Why It Shouldn’t Be Used: 

• Serializes the rendering engine to pause until external script is loaded. This could take much longer to load than an internal (none-DW) script. 

• Browser must download, parse, and execute the first external JavaScript resource before it executes the document.write() that fetches the additional external resources.  

• No single script should have the right to control (alter) a page before it’s ready to be viewed  

Common Examples: 

• Twitter Stream 

• Google Analytics 

What We Could Do To Improve User Experience with Tag Auditor: 

• Look for DW in the code 

• Make a note in the Db (Flag) 

• When a Tag is seen firing from a Tag Manager AND placed directly on the site 

• Cross reference the flag 

• Display a option to show with/without DW Relationship(s) 

• Like New Tag & Non-Secure Filters 
   

• Andy’s Thoughts 

What Authors Can Do To Minimize The Use of document.write 

• Use safer embedding tools like: 

• Google Caja: https://developers.google.com/caja/ 

• Ad Safe: http://www.adsafe.org/