classification
Title: HTMLParser Attributes Containing Escaped Quotes
Type: Stage:
Components: Library (Lib) Versions: Python 3.0
process
Status: closed Resolution: wont fix
Dependencies: Superseder:
Assigned To: Nosy List: ericryk, georg.brandl
Priority: normal Keywords:

Created on 2009-06-21 06:51 by ericryk, last changed 2009-06-21 09:50 by georg.brandl. This issue is now closed.

Messages (3)
msg89555 - (view) Author: Eric (ericryk) Date: 2009-06-21 06:51
The line:
n.feed('<a onclick="alert(\\"test\\")">test</a>')

is not matched by the regular expressions for attributes.
msg89556 - (view) Author: Eric (ericryk) Date: 2009-06-21 07:05
More specifically, the attributes cannot contain escaped quotes of the
same kind that the attribute value is wrapped in.
msg89558 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2009-06-21 09:50
That snippet is not valid HTML.  The attribute string is not a JS
string, so quotes in it must be escaped with '&quot;', not '\"'.
History
Date User Action Args
2009-06-21 09:50:31georg.brandlsetstatus: open -> closed

nosy: + georg.brandl
messages: + msg89558

resolution: wont fix
2009-06-21 07:05:48ericryksetmessages: + msg89556
title: HTMLParser Attributes Containing Javascript -> HTMLParser Attributes Containing Escaped Quotes
2009-06-21 06:51:05ericrykcreate