`decodeEntities` unsafely decodes `&amp;` when it results in a legacy character reference #964
mathiasbynens changed the title from "decodeEntities" to "decodeEntities unsafely decodes `&amp;` when it results in a legacy character reference" on Sep 23, 2018
mathiasbynens added a commit to mathiasbynens/html-minifier that referenced this issue on Sep 23, 2018:
Without this patch, the `decodeEntities` option decodes e.g. `&amp;` even in cases when doing so changes the meaning (and rendering) of the resulting HTML. Fixes kangax#964.
Patch: #965
mathiasbynens added a commit to mathiasbynens/html-minifier that referenced this issue on Sep 28, 2018:
Without this patch, the `decodeEntities` option decodes e.g. `&amp;` even in cases when doing so changes the meaning (and rendering) of the resulting HTML. Fixes kangax#964.
The `decodeEntities` option decodes `&amp;` even in cases when doing so changes the meaning (and rendering) of the resulting HTML.

Input HTML:

With `decodeEntities: true`, this gets minified into:

Note how `&amp;current` (which renders as “&current”) is changed into `&current` (which renders as “¤t”). This should not happen since `&curren` (yes, even without the trailing `;`) is a character reference for `¤`, and so turning the `&amp;` into just `&` changes the rendering/meaning.

The full list of such entities that do not require a closing `;` (like `&curren`) is here: https://github.com/mathiasbynens/he/blob/master/data/decode-map-legacy.json (generated from the HTML Standard)
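
One way to express the check this issue asks for, as an added example that is not code from html-minifier or from the patch in #965: decode `&amp;` only when the resulting bare `&` cannot combine with the following text into a character reference. The function names and the short `LEGACY_NAMES` subset are assumptions for illustration, and the check covers text content only and errs on the side of keeping `&amp;`.

```javascript
// Added example: the helper names below are hypothetical, not html-minifier's API.
// Constructed subset of the names that work without a trailing ";" (assumption:
// a real implementation loads the complete decode-map-legacy.json linked above).
const LEGACY_NAMES = [
  'amp', 'lt', 'gt', 'quot', 'nbsp', 'copy', 'reg', 'curren',
  'cent', 'pound', 'yen', 'not', 'para', 'sect', 'times', 'deg',
];

// Would "&" followed by `rest` start a character reference in text content?
function formsCharacterReference(rest) {
  // Numeric references: &#164 or &#xA4 (the ";" is optional for the parser).
  if (/^#(?:[0-9]|[xX][0-9a-fA-F])/.test(rest)) return true;
  // Anything shaped like "&name;" is treated as a reference, known name or not.
  if (/^[A-Za-z][A-Za-z0-9]*;/.test(rest)) return true;
  // Legacy names match as a prefix: "&current" is "&curren" followed by "t".
  return LEGACY_NAMES.some((name) => rest.startsWith(name));
}

// Decode "&amp;" to "&" only where the bare "&" cannot merge with what follows.
function decodeAmpSafely(html) {
  return html.replace(/&amp;/g, (match, offset, whole) =>
    formsCharacterReference(whole.slice(offset + match.length)) ? match : '&');
}

// Constructed sample inputs.
for (const sample of ['&amp;current', 'Tom &amp; Jerry', '?a=1&amp;b=2', '&amp;#164;']) {
  console.log(JSON.stringify(sample), '->', JSON.stringify(decodeAmpSafely(sample)));
}
```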