NOTE: The current preferred location for bug reports is the GitHub issue tracker.
Bug 329 - Don't escape '<' and '>' in attribute values, to handle http://www.expedia.com/pub/agent.dll?qscr=cars&itid=&itdx=&itty=&&ploc=&plo2=&flag=&subm=1&tovr=-1294637292&styp=1&locn=Denver&loid=&astr=&acty=&astt=&azip=&date1=10%2F24%2F2008&time1=660&date2=10...
Status: NEW
Product: Validator.nu
Classification: Unclassified
Component: HTML parser
Version: HEAD
All All
Importance: P2 normal
Assigned To: Nobody
http://svn.whatwg.org/webapps/source?...
Reported: 2008-11-24 22:01 CET by Henri Sivonen
Modified: 2009-11-23 17:17 CET (History)
Description Henri Sivonen 2008-11-24 22:01:19 CET
Index: source
===================================================================
--- source	(revision 2362)
+++ source	(revision 2363)
@@ -56985,14 +56985,15 @@
   purposes of the algorithm above) consists of replacing any
   occurrences of the "<code title="">&amp;</code>" character by the
   string "<code title="">&amp;amp;</code>", any occurrences of the
-  "<code title="">&lt;</code>" character by the string "<code
+  U+00A0 NO-BREAK SPACE character by the string "<code
+  title="">&amp;nbsp;</code>", and, if the algorithm was invoked in
+  the <i>attribute mode</i>, any occurrences of the "<code
+  title="">&quot;</code>" character by the string "<code
+  title="">&amp;quot;</code>", or if it was not, any occurrences of
+  the "<code title="">&lt;</code>" character by the string "<code
   title="">&amp;lt;</code>", any occurrences of the "<code
   title="">&gt;</code>" character by the string "<code
-  title="">&amp;gt;</code>", any occurrences of the U+00A0 NO-BREAK
-  SPACE character by the string "<code title="">&amp;nbsp;</code>",
-  and, if the algorithm was invoked in the <i>attribute mode</i>, any
-  occurrences of the "<code title="">&quot;</code>" character by the
-  string "<code title="">&amp;quot;</code>".</p>
+  title="">&amp;gt;</code>".</p>
 
   <p class="note">Entity reference nodes are <a
   href="#entity-references">assumed to be expanded</a> by the user
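Review bot: The scope of "or if it was not" in the rewritten sentence is ambiguous. The replacement of ">" by "&gt;" follows it as one more comma-separated "any occurrences of" item, so it can be read either as applying only outside attribute mode or as unconditional. The bug summary says neither "<" nor ">" should be escaped in attribute values, so the wording should make both replacements visibly conditional, for example by stating the unconditional replacements ("&" and U+00A0) first and then two explicit branches: in attribute mode replace '"' by "&quot;", otherwise replace "<" by "&lt;" and ">" by "&gt;". Because the double quote is now the only delimiter-related character escaped in attribute mode, the text should also say that the result assumes the attribute value is serialized between double quotes.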
Comment 1 Henri Sivonen 2009-08-21 10:20:11 CEST
The original summary for this bug was longer than 255 characters, and so it was truncated when Bugzilla was upgraded. The original summary was:

Don't escape '<' and '>' in attribute values, to handle http://www.expedia.com/pub/agent.dll?qscr=cars&itid=&itdx=&itty=&&ploc=&plo2=&flag=&subm=1&tovr=-1294637292&styp=1&locn=Denver&loid=&astr=&acty=&astt=&azip=&date1=10%2F24%2F2008&time1=660&date2=10%2F25%2F2008&time2=660&loc2=&loi2=&rdus=10&cark=1&kind=1&optn=1&vend=&fspeceq=1&rdct=1 (credit: sp)