observablehq / htl

A tagged template literal that allows safe interpolation of values into HTML, following the HTML5 spec
https://observablehq.com/@observablehq/htl
ISC License
Some entities need escaping within attributes. #11

Closed mbostock closed 4 years ago

mbostock commented 4 years ago

Currently we only escape " within double-quoted attributes, for example, but we also need to escape &, at the least.
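
Added example, not part of the issue thread or of htl's source: a small model of the behaviour the comment describes, showing which attribute values fail to round-trip when only `"` is escaped and `&` is left alone. The function names, the five-entry reference table and the sample values are assumptions made for the illustration.

```javascript
// Added example: models the behaviour described in the issue; not htl's source.

// Escapes only the double quote, as the issue says is currently done.
function escapeQuoteOnly(value) {
  return String(value).replace(/"/g, "&quot;");
}

// Escapes the ampersand as well. A single pass over both characters avoids
// re-escaping the "&" of an "&quot;" that was just produced.
function escapeDoubleQuoted(value) {
  return String(value).replace(/[&"]/g, (c) => (c === "&" ? "&amp;" : "&quot;"));
}

// Simplified stand-in for the HTML parser's character-reference decoding in
// attribute values. Assumption: only these five semicolon-terminated references.
const REFS = { amp: "&", quot: '"', lt: "<", gt: ">", "#39": "'" };
function decodeAttr(raw) {
  return raw.replace(/&(amp|quot|lt|gt|#39);/g, (_, name) => REFS[name]);
}

// What a parser would hand back for <a title="...">, given an escaper.
function roundTrip(escape, value) {
  const raw = escape(value);
  if (raw.includes('"')) throw new Error("unescaped quote would end the attribute");
  return decodeAttr(raw);
}

// Constructed sample values.
const samples = ['say "hi"', "Tom & Jerry", "type &lt;b&gt; for bold", "&quot; is a quote"];

// For each sample, does the decoded attribute equal the value that went in?
function report() {
  return samples.map((value) => ({
    value,
    quoteOnly: roundTrip(escapeQuoteOnly, value) === value,
    withAmp: roundTrip(escapeDoubleQuoted, value) === value,
  }));
}

console.table(report());
```

Values that contain text shaped like a character reference come back altered under quote-only escaping, while escaping `&` first preserves them.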