Bug Tracker

#11343 closed bug (wontfix)

Opened February 15, 2012 02:55AM UTC

Closed February 15, 2012 03:36AM UTC

Last modified February 16, 2012 05:13AM UTC

.html('<input value="<http://example.org/>" />') produces <input value="<http://example.org></http:>">

Reported by: holger@knublauch.com Owned by:
Priority: undecided Milestone: None
Component: unfiled Version: 1.7.1
Keywords: Cc:
Blocked by: Blocking:
Description

Example:

    <div id="reloadable"></div>
    <script>
        $('#reloadable').html('<input value="<http://example.org/>" />');
    </script>

This corrupts the HTML snippet - it apparently tries to convert the "XML tag" attribute value to balanced pair of XML tags. However, this is an attribute value only, and jQuery shouldn't change that.

When I use 

    $('#reloadable')[0].innerHTML = '<input value="<http://example.org/>" />';

then it works. The issue above is problematic because .html is also used by the .load() function and I see no way to work around this effect.

Attachments (0)
Change History (3)

Changed February 15, 2012 03:36AM UTC by rwaldron comment:1

resolution: → wontfix
status: newclosed

Use: '<input value="<http://example.org/>" />'

Changed February 15, 2012 04:42AM UTC by anonymous comment:2

According to the W3C HTML validator, using <.../> unescaped inside of an attribute is valid. Also, Xalan produces this HTML when rendering a DOM tree to HTML. I therefore don't see why you simply close this as a wontfix.

If this is a built-in feature of jQuery to "clean up" HTML, then please provide an option to switch this off because my server already produces well-balanced HTML tags.

Also, could you give me a better work-around - not everyone has the luxury of changing the server side code when this is coming from the server via .load(). Thanks.

Changed February 16, 2012 05:13AM UTC by holger@knublauch.com comment:3

I have narrowed it down to the following line in jQuery:

rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\\w:]+)[^>]*)\\/>/ig,

This regular expression should skip anything within "..." and '...' quotes so that only real tags are handled and not attribute values. Please reopen this bug.