From f1eaecc63026f29218d451d29d4a4dad0aa1a4f4 Mon Sep 17 00:00:00 2001
From: Gingeh <39150378+Gingeh@users.noreply.github.com>
Date: Thu, 22 May 2025 14:53:53 +1000
Subject: [PATCH] LibWeb: Escape "<" and ">" when serializing attribute values

See https://github.com/whatwg/html/pull/6362
---
 Libraries/LibWeb/HTML/Parser/HTMLParser.cpp | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/Libraries/LibWeb/HTML/Parser/HTMLParser.cpp b/Libraries/LibWeb/HTML/Parser/HTMLParser.cpp
index cefcb92edb0..325d461c176 100644
--- a/Libraries/LibWeb/HTML/Parser/HTMLParser.cpp
+++ b/Libraries/LibWeb/HTML/Parser/HTMLParser.cpp
@@ -4698,14 +4698,15 @@ static String escape_string(StringView string, AttributeMode attribute_mode)
 // 2. Replace any occurrences of the U+00A0 NO-BREAK SPACE character by the string " ".
 else if (code_point == 0xA0)
 builder.append(" "sv);
- // 3. If the algorithm was invoked in the attribute mode, replace any occurrences of the """ character by the string """.
+ // 3. Replace any occurrences of the "<" character by the string "<".
+ else if (code_point == '<')
+ builder.append("<"sv);
+ // 4. Replace any occurrences of the ">" character by the string ">".
+ else if (code_point == '>')
+ builder.append(">"sv);
+ // 5. If the algorithm was invoked in the attribute mode, then replace any occurrences of the """ character by the string """.
 else if (code_point == '"' && attribute_mode == AttributeMode::Yes)
 builder.append("""sv);
- // 4. If the algorithm was not invoked in the attribute mode, replace any occurrences of the "<" character by the string "<", and any occurrences of the ">" character by the string ">".
- else if (code_point == '<' && attribute_mode == AttributeMode::No)
- builder.append("<"sv);
- else if (code_point == '>' && attribute_mode == AttributeMode::No)
- builder.append(">"sv);
 else
 builder.append_code_point(code_point);
 }
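Review bot: The now-unconditional `<` and `>` branches change what every attribute-value serialization emits, yet the diffstat lists only HTMLParser.cpp, so nothing in this commit pins the new output. A serialization test with an attribute value containing `<`, `>` and `"` would guard the behaviour, driven through whichever caller reaches escape_string (not visible in this hunk). The step comments only restate the spec text, so a why-comment above step 3 would record the security reason, e.g. `// Escaped in attribute mode as well, so serialized markup re-parses to the same DOM (see whatwg/html#6362).` As rendered on this page the appended literals read `"<"sv` and `">"sv`, which is presumably entity decoding by the page; confirm the committed file appends the entity strings rather than the raw characters. escape_string begins and ends outside the hunk.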