8000 Escape < and > when serializing HTML attribute values by annevk · Pull Request #44842 · WebKit/WebKit · GitHub
[go: up one dir, main page]
Skip to content

Escape < and > when serializing HTML attribute values #44842

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 20, 2025
Merged

Escape < and > when serializing HTML attribute values #44842

merged 1 commit into from
May 20, 2025

Conversation

annevk
Copy link
Contributor
@annevk annevk commented May 2, 2025
edited by webkit-early-warning-system
Loading

b3e11f0

Escape < and > when serializing HTML attribute values
https://bugs.webkit.org/show_bug.cgi?id=292432
rdar://150520333

Reviewed by Ryosuke Niwa and Sam Weinig.

Implement whatwg/html#6362 and add a preference
in case we find out we have to disable it in certain cases.

The preference does not impact the recently added getHTML() method on
Element and ShadowRoot as that should be new enough to not matter.

Add new test from: web-platform-tests/wpt#27501

Canonical link: https://commits.webkit.org/295149@main

b14c702

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
❌ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ✅ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ✅ 🧪 mac-wk1 ✅ 🛠 wpe-cairo
✅ 🛠 🧪 jsc ✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 🧪 jsc-arm64 ✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 ✅ 🛠 playstation
✅ 🛠 🧪 unsafe-merge ✅ 🛠 tv ✅ 🛠 mac-safer-cpp ✅ 🛠 jsc-armv7
✅ 🛠 tv-sim ✅ 🧪 jsc-armv7-tests
✅ 🛠 watch
✅ 🛠 watch-sim

@annevk annevk self-assigned this May 2, 2025
@annevk annevk added the DOM For bugs specific to XML/HTML DOM elements (including parsing). label May 2, 2025
@webkit-early-warning-system
Copy link
Collaborator
webkit-early-warning-system commented May 2, 2025
edited
Loading

EWS run on previous version of this PR (hash 7865a3e)

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
❌ 🧪 style ❌ 🛠 ios ❌ 🛠 mac ❌ 🛠 wpe 🛠 win
✅ 🧪 bindings ❌ 🛠 ios-sim ❌ 🛠 mac-AS-debug ❌ 🧪 wpe-wk2 🧪 win-tests
✅ 🧪 webkitperl ❌ 🧪 ios-wk2 ❌ 🧪 api-mac ❌ 🧪 api-wpe
❌ 🧪 ios-wk2-wpt ❌ 🧪 mac-wk1 ❌ 🛠 wpe-cairo
🛠 🧪 jsc ❌ 🧪 api-ios ❌ 🧪 mac-wk2 ❌ 🛠 gtk
✅ 🛠 🧪 jsc-arm64 ❌ 🛠 vision ❌ 🧪 mac-AS-debug-wk2 ❌ 🧪 gtk-wk2
❌ 🛠 vision-sim ❌ 🧪 mac-wk2-stress ❌ 🧪 api-gtk
⏳ 🧪 vision-wk2 ❌ 🧪 mac-intel-wk2 ❌ 🛠 playstation
❌ 🛠 tv ❌ 🛠 mac-safer-cpp ✅ 🛠 jsc-armv7
❌ 🛠 tv-sim ✅ 🧪 jsc-armv7-tests
❌ 🛠 watch
❌ 🛠 watch-sim

@webkit-ews-buildbot webkit-ews-buildbot added the merging-blocked Applied to prevent a change from being merged label May 2, 2025
@annevk annevk removed the merging-blocked Applied to prevent a change from being merged label May 2, 2025
@annevk annevk force-pushed the eng/Escape-and-when-serializing-HTML-attribute-values branch from 7865a3e to 4ff571c Compare May 2, 2025 15:58
@webkit-early-warning-system
Copy link
Collaborator
webkit-early-warning-system commented May 2, 2025
edited
Loading

EWS run on previous version of this PR (hash 4ff571c)

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
❌ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ❌ 🧪 wpe-wk2 ❌ 🧪 win-tests
✅ 🧪 webkitperl ❌ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
loading 🧪 webkitpy ✅ 🧪 ios-wk2-wpt ❌ 🧪 mac-wk1 ✅ 🛠 wpe-cairo
✅ 🛠 🧪 jsc ✅ 🧪 api-ios ❌ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 🧪 jsc-arm64 ✅ 🛠 vision ❌ 🧪 mac-AS-debug-wk2 ❌ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🧪 vision-wk2 ❌ 🧪 mac-intel-wk2 ✅ 🛠 playstation
✅ 🛠 tv ✅ 🛠 mac-safer-cpp ✅ 🛠 jsc-armv7
✅ 🛠 tv-sim ✅ 🧪 jsc-armv7-tests
✅ 🛠 watch
✅ 🛠 watch-sim

@webkit-ews-buildbot webkit-ews-buildbot added the merging-blocked Applied to prevent a change from being merged label May 2, 2025
@weinig
Copy link
8000
Contributor
weinig commented May 2, 2025

I realize this is a draft, but looks good.

@annevk annevk removed the merging-blocked Applied to prevent a change from being merged label May 5, 2025
@annevk annevk force-pushed the eng/Escape-and-when-serializing-HTML-attribute-values branch from 4ff571c to 9cf7a0f Compare May 5, 2025 08:06
@webkit-early-warning-system
Copy link
Collaborator
webkit-early-warning-system commented May 5, 2025
edited
Loading

EWS run on previous version of this PR (hash 9cf7a0f)

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
❌ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ❌ 🧪 wpe-wk2 ✅ 🧪 win-tests
✅ 🧪 webkitperl ❌ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ✅ 🧪 mac-wk1 ✅ 🛠 wpe-cairo
✅ 🛠 🧪 jsc ✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 🧪 jsc-arm64 ✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ❌ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ❌ 🧪 api-gtk
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 ✅ 🛠 playstation
✅ 🛠 tv ✅ 🛠 mac-safer-cpp ✅ 🛠 jsc-armv7
✅ 🛠 tv-sim ✅ 🧪 jsc-armv7-tests
✅ 🛠 watch
✅ 🛠 watch-sim

@annevk annevk marked this pull request as ready for review May 5, 2025 08:06
@annevk annevk requested review from cdumez and rniwa as code owners May 5, 2025 08:06
@webkit-ews-buildbot webkit-ews-buildbot added the merging-blocked Applied to prevent a change from being merged label May 5, 2025
rniwa
rniwa reviewed May 5, 2025
View reviewed changes
@annevk annevk removed the merging-blocked Applied to prevent a change from being merged label May 6, 2025
@annevk annevk force-pushed the eng/Escape-and-when-serializing-HTML-attribute-values branch from 9cf7a0f to a369a55 Compare May 6, 2025 08:22
@webkit-early-warning-system
Copy link
Collaborator
webkit-early-warning-system commented May 6, 2025
edited
Loading

EWS run on previous version of this PR (hash a369a55)

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
❌ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ❌ 🛠 wpe ✅ 🛠 win
✅ 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ❌ 🧪 wpe-wk2 ✅ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ❌ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ✅ 🧪 mac-wk1 ❌ 🛠 wpe-cairo
✅ 🛠 🧪 jsc ✅ 🧪 api-ios ✅ 🧪 mac-wk2 ❌ 🛠 gtk
✅ 🛠 🧪 jsc-arm64 ✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ❌ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ❌ 🧪 api-gtk
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 ✅ 🛠 playstation
✅ 🛠 tv ✅ 🛠 mac-safer-cpp ✅ 🛠 jsc-armv7
✅ 🛠 tv-sim ✅ 🧪 jsc-armv7-tests
✅ 🛠 watch
✅ 🛠 watch-sim

@webkit-ews-buildbot webkit-ews-buildbot added the merging-blocked Applied to prevent a change from being merged label May 6, 2025
@annevk annevk mentioned this pull request May 9, 2025
Closed
@annevk annevk removed the merging-blocked Applied to prevent a change from being merged label May 12, 2025
@annevk annevk force-pushed the eng/Escape-and-when-serializing-HTML-attribute-values branch from a369a55 to b14c702 Compare May 12, 2025 07:36
@webkit-early-warning-system
Copy link
Collaborator
webkit-early-warning-system commented May 12, 2025
edited
Loading

EWS run on current version of this PR (hash b14c702)

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
❌ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ✅ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ✅ 🧪 mac-wk1 ✅ 🛠 wpe-cairo
✅ 🛠 🧪 jsc ✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 🧪 jsc-arm64 ✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 ✅ 🛠 playstation
✅ 🛠 🧪 unsafe-merge ✅ 🛠 tv ✅ 🛠 mac-safer-cpp ✅ 🛠 jsc-armv7
✅ 🛠 tv-sim ✅ 🧪 jsc-armv7-tests
✅ 🛠 watch
✅ 🛠 watch-sim

@annevk annevk added the unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing label May 20, 2025
@annevk
Escape < and > when serializing HTML attribute values
b3e11f0 
https://bugs.webkit.org/show_bug.cgi?id=292432
rdar://150520333

Reviewed by Ryosuke Niwa and Sam Weinig.

Implement whatwg/html#6362 and add a preference
in case we find out we have to disable it in certain cases.

The preference does not impact the recently added getHTML() method on
Element and ShadowRoot as that should be new enough to not matter.

Add new test from: web-platform-tests/wpt#27501

Canonical link: https://commits.webkit.org/295149@main
@webkit-commit-queue webkit-commit-queue force-pushed the eng/Escape-and-when-serializing-HTML-attribute-values branch from b14c702 to b3e11f0 Compare May 20, 2025 09:06
@webkit-commit-queue
Copy link
Collaborator

Committed 295149@main (b3e11f0): https://commits.webkit.org/295149@main

Reviewed commits have been landed. Closing PR #44842 and removing active labels.

@webkit-commit-queue webkit-commit-queue merged commit b3e11f0 into WebKit:main May 20, 2025
@webkit-commit-queue webkit-commit-queue removed the unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing label May 20, 2025
@annevk annevk deleted the eng/Escape-and-when-serializing-HTML-attribute-values branch May 20, 2025 09:08
@1jj 1jj mentioned this pull request Sep 20, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rniwa rniwa rniwa approved these changes

@weinig weinig weinig approved these changes

@cdumez cdumez Awaiting requested review from cdumez cdumez is a code owner

Assignees

@annevk annevk

Labels
DOM For bugs specific to XML/HTML DOM elements (including parsing).
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@annevk @webkit-early-warning-system @weinig @webkit-commit-queue @rniwa @webkit-ews-buildbot
0