Bug 1031 – HtmlSerializer: <noscript> text node children are always unescaped

NOTE: The current preferred location for bug reports is the GitHub issue tracker.

Bug 1031 - HtmlSerializer: <noscript> text node children are always unescaped


Summary:	HtmlSerializer: <noscript> text node children are always unescaped

Status:	NEW

Product:	Validator.nu
Classification:	Unclassified
Component:	HTML parser
Version:	HEAD
Hardware:	All All

Importance:	P2 minor
Assigned To:	Nobody

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-12-14 10:51 CET by Tim Starling
Modified:	2016-12-14 10:51 CET (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Starling 2016-12-14 10:51:35 CET

The standard says "If the parent of current node is a style, script, xmp, iframe, noembed, noframes, or plaintext element, or if the parent of current node is a noscript element and scripting is enabled for the node, then append the value of current node's data IDL attribute literally."

However, nu.validator.htmlparser.sax.HtmlSerializer always has "noscript" in NON_ESCAPING, there's no way to turn it on and off depending on the scripting flag.

Encountered during testing, this is not a problem for us in production.