Bug Tracker

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#13821 closed bug (wontfix)

.html() corrupts attribute values containing things that look like self-closing tags

Reported by: roan.kattouw@… Owned by:
Priority: undecided Milestone: None
Component: unfiled Version: 1.9.1
Keywords: Cc:
Blocked by: Blocking:


h = '<span data-foo="foo<bar />baz">quux</span>';
d = $( '<div>' ).html( h );
    "<span data-foo="foo<bar ></span>baz">quux</span>"

This happens because rxhtmlTag mistakenly believes my <span> is self-closed, because it sees <span followed by />, and "helpfully" tries to close it for me.

In Chrome, this is slightly less of an issue than in Firefox. If you have a DOM that looks like the one in my example, Chrome's .innerHTML will have the < and > escaped as &lt; and &gt (which doesn't match rxhtmlTag); while Firefox's .innerHTML will have them as literals (which does match rxhtmlTag).

I wonder why rxhtmlTag exists in the first place. It's not documented in the source code at all, and it breaks things. Is it because IE's behavior with self-closing tags?

Change History (4)

comment:1 Changed 6 years ago by roan.kattouw@…

jsfiddle demonstrating the bug: http://jsfiddle.net/FZs9P/ (breaks in Firefox, works in Chrome)

comment:2 in reply to:  1 Changed 6 years ago by anonymous

Replying to roan.kattouw@…:

jsfiddle demonstrating the bug: http://jsfiddle.net/FZs9P/ (breaks in Firefox, works in Chrome)

URL that actually works: http://jsfiddle.net/FZs9P/2/

comment:3 Changed 6 years ago by gibson042

Resolution: wontfix
Status: newclosed

Amazingly enough, it is possible to fix this concisely. But I'll give you a hint of the mess we're likely to leave behind by doing so:

rxhtmlTag = new RegExp( "<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\\w:]+)(?:" +
  jQuery.expr.match.ATTR.source.replace(/^.*?\[|(\\\\)\.|(?=\\)(\d)|.]$/g, function( str, backslash, capture ) {
    return +capture + 2 || backslash || "";
  }) +
"gi" )

Better to let sleeping dogs lie, methinks.

comment:4 Changed 6 years ago by dmethvin

As far as I can tell, this patch was put waaaaay back (before 2007) so that people could use invalid markup like <div id="haha" /> and after that much time I have no doubt it's widespread enough that we couldn't ever contemplate pulling it out.

Note: See TracTickets for help on using tickets.