Simon Pieters

Consider a post like this: ``` Foo (bar, baz) #thetag ``` The imported post will be: ``` Foo (bar, baz ``` Note the missing `)` This is because the regex...

https://wicg.github.io/sanitizer-api/ https://github.com/otherdaniel/purification/blob/strings-explainer/explainer-strings.md

https://web.dev/trusted-types/ https://microsoftedge.github.io/edgevr/posts/eliminating-xss-with-trusted-types/ https://github.com/w3c/webappsec-trusted-types/issues/342

https://htmlparser.info/scripting/#other-parser-apis > Other parser APIs document.execCommand with insertHTML is missing. Also see https://github.com/w3c/webappsec-trusted-types/issues/345 (h/t @apple502j) as a case study for the security chapter.

https://twitter.com/domenic/status/1435748222107099142 ack @domenic https://github.com/whatwg/dom/issues/831 https://github.com/whatwg/html/issues/6417

https://blogs.windows.com/msedgedev/2017/04/19/modernizing-dom-tree-microsoft-edge/ ack https://news.ycombinator.com/item?id=27313121

https://htmlparser.info/introduction/#sgml--early-html > As an interesting aside, when using the XML "/>" syntax in HTML, according to SGML rules it would trigger the SHORTTAG feature\. When used on a void element,...

https://htmlparser.info/parser/#bogus-comments > Bogus comments https://github.com/whatwg/html/issues/1438

This needs some more work to fill out TODOs and such.