mozilla / bleach

Bleach is an allowed-list-based HTML sanitizing library that escapes or strips markup and attributes
https://bleach.readthedocs.io/en/latest/

Handle escaping < in edge cases where it doesn't start a tag (#544) #667

Closed willkg closed 2 years ago

willkg commented 2 years ago

The html5lib tokenizer kicks up a parse error token when there's a < that isn't the start of a tag. This adds some handling for that case and treats the < plus whatever is after it as characters data.

Fixes #544.
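The rule described in the comment above, as an added stand-alone example (not code from this PR, from bleach or from html5lib): a `<` that does not begin markup stays in the character data, together with what follows it, and is escaped on output. `MARKUP`, `ALLOWED_TAGS`, `tokenize` and `clean` are hypothetical names, and the regex's definition of "starts a tag" is an assumption of this example.

```python
import html
import re

# Assumption of this example: "<" begins markup only when a complete tag,
# comment or declaration follows. Quoted attribute values may contain ">".
MARKUP = re.compile(
    r"""</?([A-Za-z][A-Za-z0-9]*)(?=[\s/>])(?:[^<>"']|"[^"]*"|'[^']*')*>|<[!?][^>]*>"""
)
ALLOWED_TAGS = {"b", "em"}  # constructed allow-list for the demo


def tokenize(text):
    """Yield (kind, raw, tag_name) tuples; kind is "Characters" or "Tag".

    A "<" that does not begin markup stays in the Characters token along
    with everything after it, rather than being dropped as a parse error.
    """
    pos = 0
    for m in MARKUP.finditer(text):
        if m.start() > pos:
            yield ("Characters", text[pos:m.start()], None)
        yield ("Tag", m.group(0), (m.group(1) or "").lower())
        pos = m.end()
    if pos < len(text):
        yield ("Characters", text[pos:], None)


def clean(text):
    """Escape character data; pass through only bare allow-listed tags."""
    out = []
    for kind, raw, name in tokenize(text):
        bare = kind == "Tag" and raw.lower() in (f"<{name}>", f"</{name}>")
        if bare and name in ALLOWED_TAGS:
            out.append(raw.lower())
        else:
            # Stray "<", unknown tags, tags with attributes, comments:
            # all end up as visible, inert text.
            out.append(html.escape(raw, quote=False))
    return "".join(out)


if __name__ == "__main__":
    # Constructed inputs covering the edge cases.
    for sample in ("x < y", "<b>1 <3</b>", "text <b", "<em a=1>hi</em>"):
        print(repr(sample), "->", repr(clean(sample)))
```

Unlike bleach, this example escapes existing entities and comments instead of preserving or stripping them, so it only illustrates the character-data rule.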

willkg commented 2 years ago

@g-k Can you skim this, please?

willkg commented 2 years ago

Thank you!