FF140 escaping < and > to < and > in attributes when serializing HTML
#39639
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hamishwillee
requested review from
wbamberg and
pepelsbey
and removed request for
a team
github-actions
bot
added
Content:WebAPI
hamishwillee
commented
May 23, 2025
| instead. | ||
| To only obtain the HTML representation of the contents of an element, or to replace the contents of an element, use the {{domxref("Element.innerHTML", "innerHTML")}} property instead. | ||
|
|
||
| Note that some browsers serialize `<` and `>` in attributes as `<` and `>` when reading the HTML (see [Browser compatibility](#browser_compatibility)). |
There was a problem hiding this comment.
This is the only actual change in this page.
hamishwillee
commented
May 23, 2025
| The **`innerHTML`** property of the {{domxref("ShadowRoot")}} | ||
| interface sets or returns a reference to the DOM tree inside the | ||
| `ShadowRoot`. | ||
| The **`innerHTML`** property of the {{domxref("ShadowRoot")}} interface sets gets or sets the HTML markup to the DOM tree inside the `ShadowRoot`. |
There was a problem hiding this comment.
The text here seemed completely wrong - it isn't a reference. There is a lot more that can be said.
I don't want to say it in this PR because that would be out of scope for this task. I do expect to be back here though, as I am currently doing work on the HTLM sanitization API which tanjentially affects this. I will also be looking at it as I add docs on the injection sinks for TrustedTypes.
8 tasks
wbamberg
reviewed
May 23, 2025
Co-authored-by: Hamish Willee <[email protected]>
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
FF140 ships support for escaping
<and>to<and>in attributes when serializing HTML in https://bugzilla.mozilla.org/show_bug.cgi?id=1962084. This affects all the obvious methods like innerHTML, outerHTML, getHTML etc.This PR removes the info in the experimental features page (the addition to Relnote is in a separate PR).
I also added a note to the end of each of the affected methods pointing down to the browser compatibility for this feature. Note that the feature is non standard, but is expected to be standardized soon.
Related docs work can be tracked in #39628