This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: HTMLParser Attributes Containing Escaped Quotes
Type: Stage:
Components: Library (Lib) Versions: Python 3.0
Status: closed Resolution: wont fix
Dependencies: Superseder:
Assigned To: Nosy List: ericryk, georg.brandl
Priority: normal Keywords:

Created on 2009-06-21 06:51 by ericryk, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Messages (3)
msg89555 - (view) Author: Eric (ericryk) Date: 2009-06-21 06:51
The line:
n.feed('<a onclick="alert(\\"test\\")">test</a>')

is not matched by the regular expressions for attributes.
msg89556 - (view) Author: Eric (ericryk) Date: 2009-06-21 07:05
More specifically, the attributes cannot contain escaped quotes of the
same kind that the attribute value is wrapped in.
msg89558 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2009-06-21 09:50
That snippet is not valid HTML.  The attribute string is not a JS
string, so quotes in it must be escaped with '&quot;', not '\"'.
Date User Action Args
2022-04-11 14:56:50adminsetgithub: 50567
2009-06-21 09:50:31georg.brandlsetstatus: open -> closed

nosy: + georg.brandl
messages: + msg89558

resolution: wont fix
2009-06-21 07:05:48ericryksetmessages: + msg89556
title: HTMLParser Attributes Containing Javascript -> HTMLParser Attributes Containing Escaped Quotes
2009-06-21 06:51:05ericrykcreate