I'll code up a switch to escape just for the known attribute names.
We can iterate from there, but checking against valid URL values is
not only inefficient, it's wrong (what if a title happens to be a
valid URL?)

On Thu, Mar 5, 2009 at 3:21 PM, Vincent Siveton <[email protected]> wrote:
> Hi again,
>
> 2009/3/5 Adam Winer <[email protected]>:
>> is going to be outrageously slow, as in the common case it involves
>
> Agree with you but...
>
>> allocating two expensive objects.  Can you roll this back and find a
>> more efficient implementation?  Like, for one possibility, comparing
>> the attribute name against a Set of known URL attribute names in HTML.
>
> It was my original idea but it doesn't guarantee that the text will be
> correctly escaped for all attributes.
>
>>  Or just always escaping &, since I'm not aware of a reason why &amp;
>> breaks attributes in HTML.
>
> Always escaping & doesn't work, I got a test failure, I don't remember
> which one.
>
> I could propose to check if the text seems like a URL, i.e. starting
> with http/https...
> If not, escape the &
>
> WDYT?
>
> Cheers,
>
> Vincent
>
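
The two approaches discussed in this thread, side by side, as an added example (not code from the thread or the project). The function names, the `URL_ATTRIBUTES` set and the sample attributes are assumptions made for illustration; the name-based variant is assumed to apply the same "leave `&` alone for URLs" treatment as the value-based proposal, just keyed on the attribute name.

```python
# Illustrative set of URL-valued HTML attribute names (an assumption, not the project's list).
URL_ATTRIBUTES = frozenset({
    "href", "src", "action", "cite", "longdesc",
    "background", "codebase", "data", "usemap",
})

def _escape(value, escape_amp):
    """Escape an attribute value; '&' is escaped only when escape_amp is true."""
    out = []
    for ch in value:
        if ch == "&" and escape_amp:
            out.append("&amp;")
        elif ch == "<":
            out.append("&lt;")
        elif ch == ">":
            out.append("&gt;")
        elif ch == '"':
            out.append("&quot;")
        else:
            out.append(ch)
    return "".join(out)

def escape_by_value(name, value):
    """Value sniffing: text starting with http/https is treated as a URL."""
    looks_like_url = value.lower().startswith(("http://", "https://"))
    return _escape(value, escape_amp=not looks_like_url)

def escape_by_name(name, value):
    """Name lookup: one set membership test, no parsing of the value."""
    return _escape(value, escape_amp=name.lower() not in URL_ATTRIBUTES)

def render(tag, attrs, escaper):
    """Serialize an opening tag using the given escaping strategy."""
    parts = "".join(f' {n}="{escaper(n, v)}"' for n, v in attrs)
    return f"<{tag}{parts}>"

# Constructed sample: a relative URL in href, and a title that happens to be a URL.
SAMPLE_ATTRS = [
    ("href", "/search?q=a&lang=en"),
    ("title", "http://example.com/?a=1&b=2"),
]

if __name__ == "__main__":
    print(render("a", SAMPLE_ATTRS, escape_by_value))
    print(render("a", SAMPLE_ATTRS, escape_by_name))
```

Value sniffing gets both attributes backwards on this input: the relative `href` is treated as plain text and the URL-shaped `title` is treated as a URL, while the name lookup treats each attribute the same way regardless of what its value looks like.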
