@miss-islington miss-islington commented Jul 4, 2025

  • Whitespaces no longer accepted between `</` and the tag name.
    E.g. `</ script>` does not end the script section.

  • Vertical tabulation (`\v`) and non-ASCII whitespaces no longer recognized
    as whitespaces. The only whitespaces are `\t\n\r\f `.

  • Null character (U+0000) no longer ends the tag name.

  • Attributes and slashes after the tag name in end tags are now ignored,
    instead of terminating after the first `>` in quoted attribute value.
    E.g. `</script/foo=">"/>`.

  • Multiple slashes and whitespaces between the last attribute and closing `>`
    are now ignored in both start and end tags. E.g. `<a foo=bar/ //>`.

  • Multiple `=` between attribute name and value are no longer collapsed.
    E.g. `<a foo==bar>` produces attribute "foo" with value "=bar".

  • Whitespaces between the `=` separator and attribute name or value are no
    longer ignored. E.g. `<a foo =bar>` produces two attributes "foo" and
    "=bar", both with value None; `<a foo= bar>` produces two attributes:
    "foo" with value "" and "bar" with value None.

  • Fix data loss after unclosed script or style tag (htmlparser unclosed script tag causes data loss #86155).

Also backport test.support.subTests() (gh-135120).


(cherry picked from commit 0243f97)
(cherry picked from commit c555f88)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>
Co-authored-by: Waylan Limberg <waylan.limberg@icloud.com>

…according to the HTML5 standard (pythonGH-135930) (pythonGH-136268)
@ambv ambv merged commit 228509e into python:3.11 Jul 12, 2025
26 checks passed

Labels

type-security A security issue
