html-parser-book
html-parser-book copied to clipboard
zcorpan
Idiosyncracies of the HTML parser
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. Commits 7efb22a 1.2.6 ef88b93 security notice for additional prototype pollution issue c2b9819 isConstructorOrProto adapted from PR bc8ecee test from prototype pollution PR See full...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.13.0 to 1.14.8. Commits 3d81dc3 Release version 1.14.8 of the npm package. 62e546a Drop confidential headers across schemes. 2ede36d Release version 1.14.7 of the npm package. 8b347cb...
https://wicg.github.io/sanitizer-api/ https://github.com/otherdaniel/purification/blob/strings-explainer/explainer-strings.md
https://web.dev/trusted-types/ https://microsoftedge.github.io/edgevr/posts/eliminating-xss-with-trusted-types/ https://github.com/w3c/webappsec-trusted-types/issues/342
A good amount of code is marked up as such, but another part of it isn’t. This is particularly visible for HTML elements, but also quoted materials. Maybe already on...
https://htmlparser.info/scripting/#other-parser-apis > Other parser APIs document.execCommand with insertHTML is missing. Also see https://github.com/w3c/webappsec-trusted-types/issues/345 (h/t @apple502j) as a case study for the security chapter.
https://twitter.com/domenic/status/1435748222107099142 ack @domenic https://github.com/whatwg/dom/issues/831 https://github.com/whatwg/html/issues/6417
https://blogs.windows.com/msedgedev/2017/04/19/modernizing-dom-tree-microsoft-edge/ ack https://news.ycombinator.com/item?id=27313121
https://htmlparser.info/introduction/#sgml--early-html > As an interesting aside, when using the XML "/>" syntax in HTML, according to SGML rules it would trigger the SHORTTAG feature\. When used on a void element,...