Bug Tracker

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#11343 closed bug (wontfix)

.html('<input value="<http://example.org/>" />') produces <input value="<http://example.org></http:>">

Reported by: holger@… Owned by:
Priority: undecided Milestone: None
Component: unfiled Version: 1.7.1
Keywords: Cc:
Blocked by: Blocking:



    <div id="reloadable"></div>
        $('#reloadable').html('<input value="<http://example.org/>" />');

This corrupts the HTML snippet - it apparently tries to convert the "XML tag" attribute value to balanced pair of XML tags. However, this is an attribute value only, and jQuery shouldn't change that.

When I use

    $('#reloadable')[0].innerHTML = '<input value="<http://example.org/>" />';

then it works. The issue above is problematic because .html is also used by the .load() function and I see no way to work around this effect.

Change History (3)

comment:1 Changed 7 years ago by Rick Waldron

Resolution: wontfix
Status: newclosed

Use: '<input value="&lt;http://example.org/&gt;" />'

comment:2 Changed 7 years ago by anonymous

According to the W3C HTML validator, using <.../> unescaped inside of an attribute is valid. Also, Xalan produces this HTML when rendering a DOM tree to HTML. I therefore don't see why you simply close this as a wontfix.

If this is a built-in feature of jQuery to "clean up" HTML, then please provide an option to switch this off because my server already produces well-balanced HTML tags.

Also, could you give me a better work-around - not everyone has the luxury of changing the server side code when this is coming from the server via .load(). Thanks.

comment:3 Changed 7 years ago by holger@…

I have narrowed it down to the following line in jQuery:

rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[>]*)\/>/ig,

This regular expression should skip anything within "..." and '...' quotes so that only real tags are handled and not attribute values. Please reopen this bug.

Note: See TracTickets for help on using tickets.