Michał Bentkowski (@SecurityMB) 🦻Jun 24, 2025
Tom Schuster

Firefox 140 just shipped, which means Firefox will now escape less-than (<) and greater-than (>) symbols when serializing HTML attributes.

HTML spec change:
https://github.com/whatwg/html/issues/6235

Firefox release notes:
https://www.mozilla.org/en-US/firefox/140.0/releasenotes/

Escape "<" and ">" in attributes when serializing HTML · Issue #6235 · whatwg/html

I'm submitting this issue after a short discussion on Twitter with @zcorpan today. I think we should change the rules of escaping a string in attribute mode, and also escape < and > to < and &gt...

GitHub
Jun 24, 2025 at 2:18pmWeb