- From: Geoffrey Sneddon <foolistbar@googlemail.com>
- Date: Mon, 7 Sep 2009 18:34:10 +0100
On 6 Sep 2009, at 12:35, Aryeh Gregor wrote: > See some research here: > > http://code.google.com/p/html5lib/issues/detail?id=93 > > It seems like in addition to whitespace and "'=<> , the characters > U+0000 through U+0020 should be banned from unquoted attribute values, > as well as U+0060 (backtick `), for the sake of compatibility. Apparently Hixie had previously said he didn't want to change this as it will become a non-issue over time. I think it does matter due to the security issues it presents in existing UAs. Conforming markup (using elements/attributes allowed in HTML 4.01) should not cause JS to execute in one browser but not in another. -- Geoffrey Sneddon <http://gsnedders.com/>
Received on Monday, 7 September 2009 10:34:10 UTC