From c8c346670e75ddae530893c8730e249cb19dbeed Mon Sep 17 00:00:00 2001
From: pizzacat83 <17941141+pizzacat83@users.noreply.github.com>
Date: Sun, 30 Nov 2025 13:24:58 +0900
Subject: [PATCH] fix: Escape '<' and '>' when serializing attribute values

There was an update to the HTML Standard (https://github.com/whatwg/html/commit/e21bd3b4a94bfdbc23d863128e0b207be9821a0f) to mandate escaping of '<' and '>' in attribute values.

This commit updates the attribute serialization logic to comply with the current specification.
---
 html5ever/src/serialize/mod.rs | 4 ++--
 rcdom/tests/html-serializer.rs | 6 +++++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/html5ever/src/serialize/mod.rs b/html5ever/src/serialize/mod.rs
index 4a7aede1..9aae3ab1 100644
--- a/html5ever/src/serialize/mod.rs
+++ b/html5ever/src/serialize/mod.rs
@@ -107,8 +107,8 @@ impl<Wr: Write> HtmlSerializer<Wr> {
                 '&' => self.writer.write_all(b"&amp;"),
                 '\u{00A0}' => self.writer.write_all(b"&nbsp;"),
                 '"' if attr_mode => self.writer.write_all(b"&quot;"),
-                '<' if !attr_mode => self.writer.write_all(b"&lt;"),
-                '>' if !attr_mode => self.writer.write_all(b"&gt;"),
+                '<' => self.writer.write_all(b"&lt;"),
+                '>' => self.writer.write_all(b"&gt;"),
                 c => self.writer.write_fmt(format_args!("{c}")),
             }?;
         }
diff --git a/rcdom/tests/html-serializer.rs b/rcdom/tests/html-serializer.rs
index b9f9f855..67e3ca79 100644
--- a/rcdom/tests/html-serializer.rs
+++ b/rcdom/tests/html-serializer.rs
@@ -140,7 +140,11 @@ test!(
     r#"<p><i>Hello!</i></p><i>, World!</i>"#
 );
 
-test!(attr_literal, r#"<base foo="<'>">"#);
+test!(
+    attr_literal,
+    r#"<base foo="<'>">"#,
+    r#"<base foo="&lt;'&gt;">"#
+);
 test!(attr_escape_amp, r#"<base foo="&amp;">"#);
 test!(
     attr_escape_amp_2,