[whatwg] Parsing: < in unquoted attribute values

Anne van Kesteren wrote:
> On Wed, 25 Apr 2007 00:03:40 +0200, Simon Pieters <zcorpan at gmail.com> 
> wrote:
>> The parsing section says that < in an unquoted attribute value 
>> terminates the tag. However, according to my testing[1], IE7, Gecko, 
>> Opera and Webkit don't do this -- they append the < to the attribute 
>> value. So I think the parsing section is wrong here.
> 
> IE also lets < be an attribute. It can also be part of an attribute or 
> element name. This means that:
> 
>   <p</p>test
> 
> will become a 'p<' element with a 'p' attribute which has 'test' as 
> textContent. This basically means less exceptions in the tokenizer for 
> the '<' character which would be fine with me.

We do no longer support this in mozilla (if we ever did). A reason we 
now explicitly forbid this is we don't want it to ever be possible to 
create elements with 'illegal' names. Same thing goes for attribute 
names. This is partially for security reasons since some elements and 
attributes carry very important security information.

I fully agree with Simons original proposal though.

/ Jonas

Received on Wednesday, 25 April 2007 17:17:12 UTC