W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2006

[whatwg] Parsing: Disallow slashes in unquoted attribute values?

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 20 Oct 2006 01:29:46 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0610200128370.1629@dhalsim.dreamhost.com>
On Fri, 20 Oct 2006, Bjoern Hoehrmann wrote:
>
> * Ian Hickson wrote:
> >It is very common to see markup such as:
> >
> >   <a href=http://example.com/>Example</a>
> >
> >I don't see any good reason to make that non-conforming in HTML5.
> 
> It is very common to see code such as:
> 
>   echo "<foo bar=" . htmlescape($userinput) . ">...";

...and that will also be compliant, assuming $userinput doesn't have any 
spaces or ">" characters in it. We can't do much about the case where it 
has spaces or ">" characters in it, since we are constrained by how legacy 
UAs parse HTML.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 19 October 2006 18:29:46 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:29 UTC