Firefox Nightly escapes < and > in attributes when serializing HTML#26688
Conversation
|
Tip: Review these changes grouped by change (recommended for most PRs), or grouped by feature (for large PRs). |
Co-authored-by: Claas Augner <495429+caugner@users.noreply.github.com>
|
Thanks very much for the help @caugner . Updated. |
caugner
left a comment
There was a problem hiding this comment.
LGTM, just one nit: We have subfeatures accepts_*, so escapes_* is preferable to escape_*.
caugner
left a comment
There was a problem hiding this comment.
Sorry, I missed this: Technically, this is not on the standard-track yet.
Co-authored-by: Claas Augner <495429+caugner@users.noreply.github.com>
Sorry I missed that too. Merged all those. |
| "description": "Serializes `<` and `>` in attributes as `&lt;` and `&gt;` (see [this spec issue](https://github.com/whatwg/html/issues/6235))", | ||
| "support": { | ||
| "chrome": { | ||
| "version_added": false |
There was a problem hiding this comment.
Do we know if Chromium intentionally doesn't implement this?
Otherwise, would it make sense to ask in https://issues.chromium.org/issues/40747109, and add this bug as impl_url here?
There was a problem hiding this comment.
Probably - at the end it says "Currently, there's an ongoing finch experiment to enable escaping for 50% of Canary, Dev and Beta and 1% of Stable. As far as I'm aware, there's been no complaints so far."
I'm mostly interested in Firefox :-)
< and > in attributes when serializing HTML
FF139 adds support for escaping
<and>to<and>in attributes when serializing HTML in https://bugzilla.mozilla.org/show_bug.cgi?id=1941347. This affects all the obvious methods like innerHTML, outerHTML, getHTML.This is enabled in nightly from FF139 (associated pref is
dom.security.html_serialization_escape_lt_gt)Some questions inline.
Related docs work can be tracked in mdn/content#39309