Diffstat (limited to 'chromium/third_party/libxml/src/HTMLtree.c')
-rw-r--r-- | chromium/third_party/libxml/src/HTMLtree.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/chromium/third_party/libxml/src/HTMLtree.c b/chromium/third_party/libxml/src/HTMLtree.c
index b442dd01958..fa3a0ed38a8 100644
--- a/chromium/third_party/libxml/src/HTMLtree.c
+++ b/chromium/third_party/libxml/src/HTMLtree.c
@@ -701,10 +701,15 @@ htmlAttrDumpOutput(xmlOutputBufferPtr buf, xmlDocPtr doc, xmlAttrPtr cur) {
 while (IS_BLANK_CH(*tmp)) tmp++;
 
 /*
- * the < and > have already been escaped at the entity level
- * And doing so here breaks server side includes
+ * Angle brackets are technically illegal in URIs, but they're
+ * used in server side includes, for example. Curly brackets
+ * are illegal as well and often used in templates.
+ * Don't escape non-whitespace, printable ASCII chars for
+ * improved interoperability. Only escape space, control
+ * and non-ASCII chars.
 */
- escaped = xmlURIEscapeStr(tmp, BAD_CAST"@/:=?;#%&,+<>");
+ escaped = xmlURIEscapeStr(tmp,
+ BAD_CAST "\"#$%&+,/:;<=>?@[\\]^`{|}");
 if (escaped != NULL) {
 xmlBufWriteQuotedString(buf->buffer, escaped);
 xmlFree(escaped); |
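Review bot: The exception list passed to `xmlURIEscapeStr` now includes the double quote, so a quote character in the attribute value reaches `xmlBufWriteQuotedString` unescaped and correct delimiting of the serialized attribute depends entirely on that function choosing or escaping the delimiter. The new comment explains the interoperability motive but not this dependency; I would add a line such as `* Quote chars pass through unescaped; xmlBufWriteQuotedString is responsible for delimiting the value safely.` The statement "Only escape space, control and non-ASCII chars" also seems to rely on xmlURIEscapeStr already leaving the punctuation missing from the list (for example the single quote and parentheses) alone, which is not visible in this hunk, so a serialization test with values containing both quote kinds, angle brackets and `&` would pin the intended output. The body of htmlAttrDumpOutput starts and ends outside the hunk.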