- From: Ian Hickson <ian@hixie.ch>
- Date: Mon, 14 Sep 2009 11:25:26 +0000 (UTC)
On Sun, 6 Sep 2009, Aryeh Gregor wrote:
>
> See some research here:
>
> http://code.google.com/p/html5lib/issues/detail?id=93
>
> It seems like in addition to whitespace and "'=<> , the characters
> U+0000 through U+0020 should be banned from unquoted attribute values,
> as well as U+0060 (backtick `), for the sake of compatibility.

On Mon, 7 Sep 2009, Geoffrey Sneddon wrote:
>
> Apparently Hixie had previously said he didn't want to change this as it
> will become a non-issue over time. I think it does matter due to the
> security issues it presents in existing UAs. Conforming markup (using
> elements/attributes allowed in HTML 4.01) should not cause JS to execute
> in one browser but not in another.

The right fix here is to have the browsers all implement the same parser algorithm. Validators are welcome to warn about this case, though.

--
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 14 September 2009 04:25:26 UTC
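The check discussed in this thread, written out as an added example that is not part of the original message or of html5lib: a serializer-side guard that emits an attribute value unquoted only when it contains none of the characters named above (U+0000 through U+0020, `"'=<>` and U+0060), and otherwise quotes and escapes it. The function names are hypothetical, and the sample values in the comments are constructed.

```python
import re
from html import escape

# Characters the thread proposes banning from unquoted attribute values:
# U+0000..U+0020 (which covers whitespace), the set "'=<> and U+0060 (backtick).
UNSAFE_UNQUOTED = re.compile(r"[\x00-\x20\"'=<>`]")


def offending_code_points(value: str) -> list[str]:
    """List, in order of appearance, the code points a validator would warn about."""
    return [f"U+{ord(ch):04X}" for ch in UNSAFE_UNQUOTED.findall(value)]


def needs_quotes(value: str) -> bool:
    """True if the value must not be written as an unquoted attribute value.

    The empty string is included because an unquoted value cannot be empty.
    """
    return value == "" or UNSAFE_UNQUOTED.search(value) is not None


def serialize_attr(name: str, value: str) -> str:
    """Serialize one attribute, quoting whenever parsers might disagree.

    Assumes `name` is already a valid attribute name; only the value is checked.
    """
    if needs_quotes(value):
        # Double-quote and escape &, <, >, " and ' so every parser sees one value.
        return f'{name}="{escape(value, quote=True)}"'
    # Safe to leave unquoted; still escape & to avoid ambiguous character references.
    return f"{name}={value.replace('&', '&amp;')}"


if __name__ == "__main__":
    # Constructed sample values, including U+000B, which is inside the
    # U+0000..U+0020 range but is not one of HTML's whitespace characters.
    for sample in ["foo", "a`b", "a\x0bb", 'say "hi"', ""]:
        print(repr(sample), offending_code_points(sample), serialize_attr("title", sample))
```

Quoting on output sidesteps the parser disagreement for generated markup; the same `offending_code_points` list is what a validator warning for hand-written markup would report.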