Skip to content

[3.9] gh-135661: Fix parsing start and end tags in HTMLParser according to the HTML5 standard (GH-135930) (GH-136268) #136293

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 12, 2025
Merged

[3.9] gh-135661: Fix parsing start and end tags in HTMLParser according to the HTML5 standard (GH-135930) (GH-136268) #136293

merged 1 commit into from
Jul 12, 2025
+222 −120

Conversation

miss-islington
Copy link
Contributor

@miss-islington miss-islington commented Jul 4, 2025
edited by bedevere-app bot
Loading

  • Whitespaces no longer accepted between </ and the tag name.
    E.g. </ script> does not end the script section.

  • Vertical tabulation (\v) and non-ASCII whitespaces no longer recognized
    as whitespaces. The only whitespaces are \t\n\r\f .

  • Null character (U+0000) no longer ends the tag name.

  • Attributes and slashes after the tag name in end tags are now ignored,
    instead of terminating after the first > in quoted attribute value.
    E.g. </script/foo=">"/>.

  • Multiple slashes and whitespaces between the last attribute and closing >
    are now ignored in both start and end tags. E.g. <a foo=bar/ //>.

  • Multiple = between attribute name and value are no longer collapsed.
    E.g. <a foo==bar> produces attribute "foo" with value "=bar".

  • Whitespaces between the = separator and attribute name or value are no
    longer ignored. E.g. <a foo =bar> produces two attributes "foo" and
    "=bar", both with value None; <a foo= bar> produces two attributes:
    "foo" with value "" and "bar" with value None.

  • Fix data loss after unclosed script or style tag (htmlparser unclosed script tag causes data loss #86155).

Also backport test.support.subTests() (gh-135120).

(cherry picked from commit 0243f97)
(cherry picked from commit c555f88)

Co-authored-by: Serhiy Storchaka storchaka@gmail.com
Co-authored-by: Ezio Melotti ezio.melotti@gmail.com
Co-authored-by: Waylan Limberg waylan.limberg@icloud.com

@serhiy-storchaka @ezio-melotti
@waylan @miss-islington
[3.12] pythongh-135661: Fix parsing start and end tags in HTMLParser …
6725dad 
…according to the HTML5 standard (pythonGH-135930) (pythonGH-136268)

* Whitespaces no longer accepted between `</` and the tag name.
  E.g. `</ script>` does not end the script section.

* Vertical tabulation (`\v`) and non-ASCII whitespaces no longer recognized
  as whitespaces. The only whitespaces are `\t\n\r\f `.

* Null character (U+0000) no longer ends the tag name.

* Attributes and slashes after the tag name in end tags are now ignored,
  instead of terminating after the first `>` in quoted attribute value.
  E.g. `</script/foo=">"/>`.

* Multiple slashes and whitespaces between the last attribute and closing `>`
  are now ignored in both start and end tags. E.g. `<a foo=bar/ //>`.

* Multiple `=` between attribute name and value are no longer collapsed.
  E.g. `<a foo==bar>` produces attribute "foo" with value "=bar".

* Whitespaces between the `=` separator and attribute name or value are no
  longer ignored. E.g. `<a foo =bar>` produces two attributes "foo" and
  "=bar", both with value None; `<a foo= bar>` produces two attributes:
  "foo" with value "" and "bar" with value None.

* Fix data loss after unclosed script or style tag (pythongh-86155).

Also backport test.support.subTests() (pythongh-135120).

---------
(cherry picked from commit 0243f97)
(cherry picked from commit c555f88)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Ezio Melotti <ezio.melotti@gmail.com>
Co-authored-by: Waylan Limberg <waylan.limberg@icloud.com>
@bedevere-app bedevere-app bot mentioned this pull request Jul 4, 2025
Open
@bedevere-app bedevere-app bot added the type-security A security issue label Jul 4, 2025
@bedevere-app bedevere-app bot mentioned this pull request Jul 4, 2025
Merged
@ambv ambv merged commit 6c97200 into python:3.9 Jul 12, 2025
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ezio-melotti ezio-melotti ezio-melotti approved these changes

Assignees
No one assigned
Labels
type-security A security issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@miss-islington @ezio-melotti @ambv @serhiy-storchaka
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy