Closed fregante closed 6 years ago
URLs may contain HTML-looking parts, such as &, which browsers friendly turn to & in code.
&
&
Live example: https://runkit.com/embed/jxchw34aqffr (RunKit nicely shows the rendered HTML as well)
The value should always be escaped; the href attribute doesn't seem to be as smart with entities (& is converted to & but & isn't) so probably it doesn't need to be escaped.
href
&
Perhaps this can be handled by create-html-element: https://github.com/sindresorhus/create-html-element/issues/2
create-html-element
URLs may contain HTML-looking parts, such as
&
, which browsers friendly turn to&
in code.Live example: https://runkit.com/embed/jxchw34aqffr (RunKit nicely shows the rendered HTML as well)
The value should always be escaped; the
href
attribute doesn't seem to be as smart with entities (&
is converted to&
but&
isn't) so probably it doesn't need to be escaped.