24174 2013-12-28 21:58:53 +0000 < should be quoted in attribute values 2014-10-13 23:45:48 +0000 1 1 1 Unclassified WebAppsWG DOM Parsing and Serialization unspecified PC All RESOLVED FIXED P2 normal --- 24795 1 costan travil bzbarsky mike Ms2ger www-dom public-webapps-bugzilla oldest_to_newest 97879 0 costan 2013-12-28 21:58:53 +0000 The XML specification forbids < in attribute values. Source 1: see the grammar for AttValue below. http://www.w3.org/TR/REC-xml/#sec-common-syn Source 2: http://www.w3.org/TR/REC-xml/#CleanAttrVals The XML serialization algorithm in the DOM Parsing and Serialization specification can produce < in XML attribute values. https://dvcs.w3.org/hg/innerhtml/raw-file/tip/index.html#dfn-concept-serialize-xml-attributes Specifically, step 2 substep 4 only quotes " and &. It should also quote < as <. 97994 1 costan 2014-01-04 19:29:33 +0000 One more note -- all browsers currently quote both < (as ^<) and > (as >) in XML attributes. 99665 2 bzbarsky 2014-02-04 17:48:54 +0000 How about we just spec the behavior that all browsers have, then? Quoting '<' but not '>' makes for pretty bizarre behavior when things try to paren-match and whatnot, so while it's valid XML to leave the '>' as is, it's less confusing to just escape it. 99693 3 costan 2014-02-04 21:54:26 +0000 I completely agree with quoting both '<' and '>' in XML attributes. It'd be nice if the spec included a non-normative reference to the XML grammar, so other poor confused souls will easily understand why '<' and '>' are unescaped in HMTL attrs, but escaped in XML attrs. 101301 4 travil 2014-02-25 01:14:07 +0000 Sounds good. I've made this change to the XML attributes serializing section, including a note referencing XML. https://dvcs.w3.org/hg/innerhtml/rev/bfa43ce953aa 101318 5 costan 2014-02-25 08:38:45 +0000 Thank you very much! 113055 6 travil 2014-10-13 23:44:29 +0000 *** Bug 24795 has been marked as a duplicate of this bug. *** 113057 7 travil 2014-10-13 23:45:48 +0000 *** Bug 24211 has been marked as a duplicate of this bug. ***