|
|
|
|
|
|
by medearis
6328 days ago
|
|
|
There's also a security reason for attributes to be enclosed in quotes when we're talking about dynamic webpages. Avery's permissive parser might parse the page "correctly," including an additional maliciously injected attribute like onclick=sendcookie(), which wouldn't have been possible otherwise. |
|
|