This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
The XML specification forbids < in attribute values. Source 1: see the grammar for AttValue below. http://www.w3.org/TR/REC-xml/#sec-common-syn Source 2: http://www.w3.org/TR/REC-xml/#CleanAttrVals The XML serialization algorithm in the DOM Parsing and Serialization specification can produce < in XML attribute values. https://dvcs.w3.org/hg/innerhtml/raw-file/tip/index.html#dfn-concept-serialize-xml-attributes Specifically, step 2 substep 4 only quotes " and &. It should also quote < as <.
One more note -- all browsers currently quote both < (as ^<) and > (as >) in XML attributes.
How about we just spec the behavior that all browsers have, then? Quoting '<' but not '>' makes for pretty bizarre behavior when things try to paren-match and whatnot, so while it's valid XML to leave the '>' as is, it's less confusing to just escape it.
I completely agree with quoting both '<' and '>' in XML attributes. It'd be nice if the spec included a non-normative reference to the XML grammar, so other poor confused souls will easily understand why '<' and '>' are unescaped in HMTL attrs, but escaped in XML attrs.
Sounds good. I've made this change to the XML attributes serializing section, including a note referencing XML. https://dvcs.w3.org/hg/innerhtml/rev/bfa43ce953aa
Thank you very much!
*** Bug 24795 has been marked as a duplicate of this bug. ***
*** Bug 24211 has been marked as a duplicate of this bug. ***