Skip to content

Implement dangling markup injection mitigation #10022

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open

Implement dangling markup injection mitigation #10022

Changes from 1 commit
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
3409daa
Add dangling markup mitigation to the spec
shhnjk Dec 26, 2023
7cb23cd
Nit
shhnjk Dec 27, 2023
3148696
Nit
shhnjk Dec 27, 2023
37fb45c
Change important information on when to use parse a URL out of the note
shhnjk Dec 27, 2023
97c75b0
Add a note about dangling markup injection, and remove parse a URL fr…
shhnjk Dec 27, 2023
5e5fefa
Added base URL paramter to parse a URL to support base URL
shhnjk Dec 27, 2023
4e41246
Implement HTML-parse URL logic
shhnjk Feb 1, 2024
61dbafa
Implement check dangling markup algorithm
shhnjk Feb 3, 2024
4fed881
Nit multi-step
shhnjk Feb 3, 2024
7962203
Nit remove space
shhnjk Feb 3, 2024
20d52a8
Address comments
shhnjk Feb 5, 2024
6e9e98e
remove cite
shhnjk Feb 12, 2024
fdbc1e7
Address comments
shhnjk Mar 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
remove cite
  • Loading branch information
@shhnjk
shhnjk committed Feb 12, 2024
commit 6e9e98efdc8d9db6cd80ed8e7bff2fb9e2c7dae4
8 changes: 4 additions & 4 deletions source
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19995,7 +19995,7 @@ interface <dfn interface>HTMLQuoteElement</dfn> : <span>HTMLElement</span> {

<p>If the <code data-x="attr-blockquote-cite">cite</code> attribute is present, it must be a
<span>valid URL potentially surrounded by spaces</span>. <span w-nodev>To obtain the
corresponding citation link, the value of the attribute must be <span data-x="HTML-parse a
corresponding citation link, the value of the attribute must be <span data-x="encoding-parsing a
URL">parsed</span> relative to the element's <span>node document</span>.</span> User agents may
allow users to follow such citation links, but they are primarily intended for private use (e.g.,
by server-side scripts collecting statistics about a site's use of quotations), not for
Expand Down Expand Up @@ -22215,7 +22215,7 @@ gossip column, maybe!&lt;/q>.&lt;/p></code></pre>

<p>If the <code data-x="attr-q-cite">cite</code> attribute is present, it must be a <span>valid
URL potentially surrounded by spaces</span>. <span w-nodev>To obtain the corresponding citation
link, the value of the attribute must be <span data-x="HTML-parse a URL">parsed</span>
link, the value of the attribute must be <span data-x="encoding-parsing a URL">parsed</span>
relative to the element's <span>node document</span>.</span> User agents may allow users to follow
such citation links, but they are primarily intended for private use (e.g., by server-side scripts
collecting statistics about a site's use of quotations), not for readers.</p>
Expand Down Expand Up @@ -28303,7 +28303,7 @@ document.body.appendChild(wbr);</code></pre>

<p>If the <code data-x="attr-mod-cite">cite</code> attribute is present, it must be a <span>valid
URL potentially surrounded by spaces</span> that explains the change. <span w-nodev>To obtain
the corresponding citation link, the value of the attribute must be <span data-x="HTML-parse
the corresponding citation link, the value of the attribute must be <span data-x="encoding-parsing
a URL">parsed</span> relative to the element's <span>node document</span>.</span> User agents may
allow users to follow such citation links, but they are primarily intended for private use (e.g.,
by server-side scripts collecting statistics about a site's edits), not for readers.</p>
Expand Down Expand Up @@ -133698,7 +133698,7 @@ progress { appearance: auto; }</code></pre>
as part of such auditing.</p>

<p>User agents may allow users to <span>navigate</span><!--DONAV cite=""--> <span
data-x="navigable">navigables</span> to the URLs <span data-x="HTML-parse a
data-x="navigable">navigables</span> to the URLs <span data-x="encoding-parsing a
URL">indicated</span> by the <code data-x="">cite</code> attributes on <code>q</code>,
<code>blockquote</code>, <code>ins</code>, and <code>del</code> elements.</p>

Expand Down