Summary: We want to change the escaping of HTML attribute values to include "<" (<) and ">" (>). The fact that these characters are not escaped currently can lead to security issues in HTML parsers and sanitizers. (Currently Nightly-only) Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1941347 Specification: https://github.com/whatwg/html/pull/6362 Standards Body: WhatWG Platform coverage: everywhere Preference: dom.security.html_serialization_escape_lt_gt DevTools bug: n/a Link to standards-positions discussion: none Other browsers: - Chrome: Rollout on Stable https://github.com/whatwg/html/issues/6235#issuecomment-2729072764 - Webkit: no information
-- You received this message because you are subscribed to the Google Groups "dev-platform@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-platform+unsubscr...@mozilla.org. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CA%2BCWiYjAzbBWXKaEixrkzcB%3DnKFH%3Dwx1gKj8_ed__on4%3Dw9htw%40mail.gmail.com.
