From 1896a6a7a9b344d93821dd4e397122f932dec10b Mon Sep 17 00:00:00 2001
From: Simon Pieters <zcorpan@gmail.com>
Date: Fri, 5 Feb 2021 10:59:45 +0100
Subject: [PATCH] Escape "<" and ">" when serializing attribute values

Avoid a class of XSS attacks where markup goes through
a lossy parse-serialize-parse roundtrip and the original
attribute value is parsed in the data state.

This reverts 4eeb8a1706c9545d5aedb5d569d7f55778da9782.

Fixes #6235.
---
 source | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/source b/source
index 1034bc5fd38..8b57cd139a4 100644
--- a/source
+++ b/source
@@ -136053,14 +136053,15 @@ console.assert(container.firstChild instanceof SuperP);
    <li><p>Replace any occurrences of the U+00A0 NO-BREAK SPACE character by the string "<code
    data-x="">&amp;nbsp;</code>".</p></li>
 
-   <li><p>If the algorithm was invoked in the <i>attribute mode</i>, replace any occurrences of the
-   "<code data-x="">&quot;</code>" character by the string "<code
-   data-x="">&amp;quot;</code>".</p></li>
+   <li><p>Replace any occurrences of the "<code data-x="">&lt;</code>" character by the string
+   "<code data-x="">&amp;lt;</code>".</p></li>
+
+   <li><p>Replace any occurrences of the "<code data-x="">&gt;</code>" character by the string
+   "<code data-x="">&amp;gt;</code>".</p></li>
 
-   <li><p>If the algorithm was <em>not</em> invoked in the <i>attribute mode</i>, replace any
-   occurrences of the "<code data-x="">&lt;</code>" character by the string "<code
-   data-x="">&amp;lt;</code>", and any occurrences of the "<code data-x="">&gt;</code>" character by
-   the string "<code data-x="">&amp;gt;</code>".</p></li>
+   <li><p>If the algorithm was invoked in the <i>attribute mode</i>, then replace any occurrences of
+   the "<code data-x="">&quot;</code>" character by the string "<code
+   data-x="">&amp;quot;</code>".</p></li>
   </ol>