Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: escape foreign style tag content when serializing HTML5 (v1.16.x) #3349

Merged
merged 2 commits into from
Dec 2, 2024

Conversation

flavorjones
Copy link
Member

Backport of #3348 to v1.16.x

Normally, a `style` tag is considered to be a raw text element,
meaning `<` is parsed as part of a possible "tag start" token, and is
serialized literally (and not rendered as an escaped character
reference `&lt;`).

However, when appearing in either SVG or MathML foreign content, a
`style` tag should *not* be considered a raw text element, and should
be escaped when serialized. libgumbo is parsing this case correctly,
but our HTML5 serialization code does not escape the content.

This commit updates the static `is_one_of()` C function to consider
the namespace of the parent node as well as the tag's local name when
deciding whether the tag matches the list of HTML elements, so that a
`style` tag in foreign content will *not* match, but a `style` tag in
HTML content will match.

(cherry picked from commit 44e3a74aff2c93873c82d55db8f08912f4e69d59)
@flavorjones flavorjones added the backport Backport of a PR to the current release branch label Dec 1, 2024
@flavorjones flavorjones changed the base branch from main to v1.16.x December 1, 2024 18:48
@flavorjones flavorjones force-pushed the flavorjones-svg-style-serialization_1.16 branch from 2e72c7d to 573a087 Compare December 1, 2024 18:48
@flavorjones flavorjones changed the title Flavorjones svg style serialization 1.16 fix: escape foreign style tag content when serializing HTML5 (v1.16.x) Dec 1, 2024
@flavorjones flavorjones merged commit 973ea98 into v1.16.x Dec 2, 2024
130 of 131 checks passed
@flavorjones flavorjones deleted the flavorjones-svg-style-serialization_1.16 branch December 2, 2024 19:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport Backport of a PR to the current release branch
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant