[whatwg] Parsing: < in unquoted attribute values
Jonas Sicking
jonas at sicking.cc
Wed Apr 25 17:17:12 PDT 2007
Anne van Kesteren wrote:
> On Wed, 25 Apr 2007 00:03:40 +0200, Simon Pieters <zcorpan at gmail.com>
> wrote:
>> The parsing section says that < in an unquoted attribute value
>> terminates the tag. However, according to my testing[1], IE7, Gecko,
>> Opera and Webkit don't do this -- they append the < to the attribute
>> value. So I think the parsing section is wrong here.
>
> IE also lets < be an attribute. It can also be part of an attribute or
> element name. This means that:
>
> <p</p>test
>
> will become a 'p<' element with a 'p' attribute which has 'test' as
> textContent. This basically means less exceptions in the tokenizer for
> the '<' character which would be fine with me.
We do no longer support this in mozilla (if we ever did). A reason we
now explicitly forbid this is we don't want it to ever be possible to
create elements with 'illegal' names. Same thing goes for attribute
names. This is partially for security reasons since some elements and
attributes carry very important security information.
I fully agree with Simons original proposal though.
/ Jonas
More information about the whatwg
mailing list