Re: [xml] xmlSetProp Escape Free.

On 08/01/2011 05:09 PM, Zaid Amireh wrote:
Citation please.

ISO 8879, RFC 1866, REC-html40

In particular, see the note in 8.2.1 of RFC 1866.


<a href="";>

What is the actual value of the URI in the link?

Now consider:

<a href=";=5";>
<a href=";amp=5";>

Each is clear and unambiguous.

See also <URL: >.

RFC1630 (and RFC1738 and RFC1808 for that matter) states that '&' is
safe to use and all of those RFC actually don't even mention &amp;

Those RFCs are about URIs, not about HTML.  When a URI is encoded in
HTML, HTML escaping rules must be used.  Do you also think that ' and "
should be allowed in href attributes without escaping?

Chris Maden, text nerd  <URL: >
Those who learn from history are doomed to become cynics.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]