https://github.com/mozilla/standards-positions/issues/1209
On Wed, Apr 23, 2025 at 11:23 AM Tom Schuster <tschus...@mozilla.com> wrote: > > Summary: We want to change the escaping of HTML attribute values to > include "<" (<) and ">" (>). > The fact that these characters are not escaped currently can lead to > security issues in HTML parsers and sanitizers. (Currently > Nightly-only) > Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1941347 > Specification: https://github.com/whatwg/html/pull/6362 > Standards Body: WhatWG > Platform coverage: everywhere > Preference: dom.security.html_serialization_escape_lt_gt > DevTools bug: n/a > Link to standards-positions discussion: none > Other browsers: > - Chrome: Rollout on Stable > https://github.com/whatwg/html/issues/6235#issuecomment-2729072764 > - Webkit: no information -- You received this message because you are subscribed to the Google Groups "dev-platform@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-platform+unsubscr...@mozilla.org. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CA%2BCWiYjWgp6UX9TdnaPkjUCP3qZA%2Bdd3GJuD%2BzSy7MdzdK6n5Q%40mail.gmail.com.
