"Any other end tag"

[stevecheckoway]

https://html.spec.whatwg.org/multipage/parsing.html#scriptForeignEndTag

Any other end tag

I think there might be a spec bug here. html5lib-tests added tree-building tests of the form <math></p><foo>. That test in particular agrees with how Safari, Firefox, and Chrome parse that bit of HTML. The Gumbo and html5ever parsers disagree. My reading of the spec agrees with Gumbo and html5ever.

Essentially, should the </p><foo>

1. cause the math element to be closed and HTML p and foo elements to be inserted as children of the body element; or
2. insert an HTML p element and a MathML foo element as children of the math element?

If 1 (what the browsers do), where does (or should) the specification specify that?

[bathos]

I posted this response to your comments in the html5lib repo, but I'd meant to do it here:

See also #5113 and #6736

I believe your reading is correct - and that it was pointed out that this created a dangerous loophole for exploiting sanitizer round tripping. I'm not certain but I think maybe due to the nature of the problem vendors and some libraries may have addressed it before the spec was actually updated to reflect the necessary change.

The open PR addresses it by making </p> pop open elements until an HTML element / HTML integration point element is the current node.

[stevecheckoway]

Thanks @bathos! That makes a lot of sense. I'm closing this as its a duplicate of #5113.