Fuzzy detection of entities should be disabled in href attribute

[powerman]

• Mojolicious version: 7.26
• Perl version: v5.24.1
• Operating system: Linux

Steps to reproduce the behavior

say Mojo::DOM->new('<a href="/?a=42&sector=1">Link</a>');

Expected behavior

<a href="/?a=42&sector=1">Link</a>

Actual behavior

<a href="/?a=42§or=1">Link</a>

[kraih]

Please reference the sections of the specs that apply here.

[powerman]

https://www.w3.org/TR/html5/syntax.html#consume-a-character-reference

If the character reference is being consumed as part of an attribute, and the last character matched is not a ";" (U+003B) character, and the next character is either a "=" (U+003D) character or an alphanumeric ASCII character, then, for historical reasons, all the characters that were matched after the U+0026 AMPERSAND character (&) must be unconsumed, and nothing is returned.

[kraih]

Does the real HTML5 spec from WHATWG agree with that?

[powerman]

No idea. But it's clear current behaviour break things at least for very usual values in href attribute. And conflicts with at least one spec. Am I should dig WHATWG spec too for some reason?

[kraih]

Yes, we do not respect the W3C spec, same as browsers.

[kraih]

http://mojolicious.org/perldoc/Mojo/DOM/HTML#DESCRIPTION

[powerman]

https://html.spec.whatwg.org/#character-reference-state

If the character reference was consumed as part of an attribute (return state is either attribute value (double-quoted) state, attribute value (single-quoted) state or attribute value (unquoted) state), and the last character matched is not a U+003B SEMICOLON character (;), and the next input character is either a U+003D EQUALS SIGN character (=) or an ASCII alphanumeric, then, for historical reasons, switch to the character reference end state.

[kraih]

Ok, that's a bug then.