xmldom
Wrong attribute name validation
Consider the following markup `<meta #1=""></meta>`, which is correctly handled by major browsers' built-in DOM parser.
Due to this validation on sax.js parser when adding the attribute to the element object, xmldom throws an error.
Maybe the tagNamePattern pattern used on sax.js should be updated or a new one, attribute specific, should be added and used instead.
The following list describes syntax rules for attributes in documents in the HTML syntax. Syntax rules for attributes in documents in the XML syntax are defined in the XML specification [XML].
- Attribute names must consist of one or more characters other than the space characters, U+0000 NULL, """, "'", ">", "/", "=", the control characters, and any characters that are not defined by Unicode.
- XML-compatible attribute names are those that match the Name production defined in the XML specification [XML] and that contain no ":" characters, and whose first three characters are not a case-insensitive match for the string "xml". (source)
I would like to have your feedback before implementing a workaround/fix for this issue.
Regards, Paulo
I was playing around with a regular expression to match the disallowed characters and I ended up with something like `/[ \u0000-\u001F\u007F\u0080-\u009F"'>\/=]/`.
This regular expression is missing the "any characters that are not defined by Unicode" validation (how to do it?).
When checking whether major browsers implement the spec, I ended up realizing that """ (double quotes) are allowed in attribute names.
<meta property="og:descriptionʺ content="#1 JavaScript Security Solution for Mobile, Desktop, HTML5 and Node.js. Make your JavaScript app tamper-proof, self-defensive and with logic concealed.">
Both Firefox and Google Chrome will parse this meta tag with the following attributes: `property`, `#1`, `javascript`, `security`, `solution`, `for`, `mobile,`, `desktop,`, `html5`, `and`, `node.js.`, `make`, `your`, `app`, `tamper-proof,`, `self-defensive`, `with`, `logic`, `concealed."`
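
The two rules quoted in this issue, written out as an added example (not xmldom code; the function names are hypothetical) and applied to the attribute names the browsers are reported to produce. It assumes "not defined by Unicode" can be approximated with the `\p{Cn}` property escape, which needs the `u` flag.

```javascript
// Added example; function names are hypothetical and not part of xmldom.

// HTML-syntax rule quoted in the issue. \p{Cc} covers NULL, the control
// characters and every space character except U+0020, which is listed itself.
// Assumption: "not defined by Unicode" is approximated by \p{Cn} (unassigned
// code points, noncharacters included).
const HTML_FORBIDDEN = /[ "'>\/=\p{Cc}\p{Cn}]/u;

function isHtmlAttributeName(name) {
  return name.length > 0 && !HTML_FORBIDDEN.test(name);
}

// Name production from XML 1.0 (Fifth Edition).
const START =
  ":A-Z_a-z\\xC0-\\xD6\\xD8-\\xF6\\xF8-\\u02FF\\u0370-\\u037D\\u037F-\\u1FFF" +
  "\\u200C\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF\\u3001-\\uD7FF" +
  "\\uF900-\\uFDCF\\uFDF0-\\uFFFD\\u{10000}-\\u{EFFFF}";
const XML_NAME = new RegExp(
  `^[${START}][${START}\\-.0-9\\xB7\\u0300-\\u036F\\u203F\\u2040]*$`, "u");

// "XML-compatible" as quoted: a Name with no ":" that does not start with "xml".
function isXmlCompatibleAttributeName(name) {
  return XML_NAME.test(name) && !name.includes(":") && !/^xml/i.test(name);
}

// Attribute names the issue reports Firefox and Chrome producing for the
// mis-quoted <meta> tag.
const BROWSER_NAMES = ["property", "#1", "javascript", "security", "solution",
  "for", "mobile,", "desktop,", "html5", "and", "node.js.", "make", "your",
  "app", "tamper-proof,", "self-defensive", "with", "logic", 'concealed."'];

// One row per name: does it pass the HTML rule, and is it XML-compatible?
function classify(names) {
  return names.map((name) => ({
    name,
    html: isHtmlAttributeName(name),
    xmlCompatible: isXmlCompatibleAttributeName(name),
  }));
}

console.table(classify(BROWSER_NAMES));
```

Of the listed names, only `concealed."` fails the HTML authoring rule, while `#1` and the names ending in a comma pass it but are not XML-compatible, so a serializer that emits XML needs the stricter check.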