Valid Characters Between HTML Attributes
This might be a silly thing to do; but I'm trying to allow 'some' HTML on a website (okay, it's probably a bad idea). But, for the sake of argument...
Is there ANY non-white space character you can place between an attrib开发者_Python百科ute and the '='s sign and still have a modern browser be able to interpret the attribute.
In other words; if the user enters:
<img src="pic1.jpg" width=50 height=50 onClick='alert("Hi");'>
Is there any character(s) that can appear after 'onClick' but before the '=' sign and still have it execute the javascript alert message in any of the big name browsers, besides spaces and enters?
As an example - I tried inserting ' ' (and it fails)...
But is there another clever way of interjecting something I might miss.
After a lot of looking; I've been unable to find anything that can appear between the 'attribute = value' that isn't white space.
精彩评论