Skip to content

Conversation

@gsnedders
Copy link
Member

#11 given this isn't picked up from the title

@hoppipolla-critic-bot
Copy link

Critic review: https://critic.hoppipolla.co.uk/r/227

This is an external review system which you may optionally use for the code review of your pull request.

@gsnedders
Copy link
Member Author

The remaining failures are now-bogus tests in html5lib-tests (which expect spec behaviour by default, and not legacy-safe behaviour by default (which we want because of #12 — to be secure by default)).

@gsnedders gsnedders modified the milestones: 0.9999, 0.99999 Apr 29, 2015
@gsnedders gsnedders force-pushed the escape-characters-serializer branch from b0eddff to 791533e Compare May 7, 2016 23:48
@gsnedders gsnedders modified the milestone: 0.99999999 May 8, 2016
@gsnedders gsnedders force-pushed the escape-characters-serializer branch from 791533e to d87ca9b Compare May 9, 2016 15:20
@gsnedders gsnedders force-pushed the escape-characters-serializer branch from d87ca9b to 6ddce87 Compare May 11, 2016 20:03
@codecov-io
Copy link

codecov-io commented May 11, 2016

Current coverage is 89.37%

Merging #95 into master will increase coverage by +<.01%

@@             master        #95   diff @@
==========================================
  Files            50         50          
  Lines          6796       6809    +13   
  Methods           0          0          
  Messages          0          0          
  Branches       1318       1321     +3   
==========================================
+ Hits           6071       6085    +14   
+ Misses          555        553     -2   
- Partials        170        171     +1   
  1. File ...ject_meta_charset.py (not in diff) was modified. more
    • Misses +1
    • Partials 0
    • Hits -1

Powered by Codecov. Last updated by b48d0c1...8765511

@gsnedders gsnedders force-pushed the escape-characters-serializer branch from a30eb28 to 15ff801 Compare May 11, 2016 23:00
…legacy browsers

These are mostly out of the market now, so this isn't massively
needed any more; nevertheless, avoiding XSS as much as possible is
inevitably desirable.

This alters the API so that quote_attr_values is now a ternary
setting, choosing between legacy-safe behaviour, spec behaviour, and
always quoting.
@gsnedders gsnedders force-pushed the escape-characters-serializer branch from 8765511 to 9b8d8eb Compare May 11, 2016 23:55
@gsnedders gsnedders merged commit f6741ea into html5lib:master May 17, 2016
@gsnedders gsnedders deleted the escape-characters-serializer branch May 17, 2016 22:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants