This queue is for tickets about the HTML-Parser CPAN distribution.

Report information

The Basics
Id: 9742
Status: resolved
Priority: Low/Low
Queue:

People
Owner: Nobody in particular
Requestors: rjbs [...] cpan.org
Cc:
AdminCc:

BugTracker
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)


Subject: default set of encoded entities should include apos
In XML and HTML, both double and single quotes are acceptable for attribute quoting. Despite this, almost all entity encoders only encode " to quot, which means that when text is encoded and included as an attribute value in a template that uses ' to quote attribute values, quotes can be easily tricked. While not using single-quote delimiters can help with this problem, I don't see a strong reason why ' shouldn't be quoted to apos by default to help prevent this problem.
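
An added illustration of the problem the ticket describes, not code from the ticket or from HTML-Parser: a single-quoted attribute template rendered once with an encoder that handles only & < > " and once with one that also handles '. The encoder, the template, the attribute scanner and the sample input are all hypothetical and constructed for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical encoder tables for illustration (not HTML::Entities itself).
my %BASE = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
# The numeric reference is used for ' because &apos; is not defined in HTML 4.
my %WITH_APOS = (%BASE, "'" => '&#39;');

# Replace every character that has an entry in the given table.
sub encode_with {
    my ($map, $text) = @_;
    my $class = join '', map { quotemeta($_) } keys %$map;
    $text =~ s/([$class])/$map->{$1}/g;
    return $text;
}

# Template that delimits the attribute value with single quotes.
sub render {
    my ($value) = @_;
    return "<input type='text' value='$value'>";
}

# Minimal attribute scanner: the attribute names a parser would see in the tag.
sub attr_names {
    my ($tag) = @_;
    my @names;
    while ($tag =~ /\s([a-zA-Z-]+)\s*=\s*(?:'[^']*'|"[^"]*")/g) {
        push @names, $1;
    }
    return @names;
}

# Constructed sample input: ends the value early and starts a second attribute.
my $input = "x' data-injected='1";

for my $case (['quot only', \%BASE], ['quot and apos', \%WITH_APOS]) {
    my ($label, $map) = @$case;
    my $html = render(encode_with($map, $input));
    printf "%-14s %s\n  attributes: %s\n",
        $label, $html, join(', ', attr_names($html));
}
```

With the first table the rendered tag carries three attributes (type, value, data-injected); with the second the input stays inside value and only type and value are seen.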

