[Security] Removing self-closing slash from `<input>`s #17308

ThomasLandauer · 2022-09-29T20:06:39Z

I suggested the same for Symfony's templates, see symfony/symfony#47715

javiereguiluz · 2022-10-05T10:57:21Z

Thanks Thomas.

https://validator.w3.org/nu/ says: > Warning: Self-closing tag syntax in text/html documents is [widely discouraged](https://google.github.io/styleguide/htmlcssguide.html#Document_Type); it’s unnecessary and [interacts badly with other HTML features](https://software.hixie.ch/utilities/js/live-dom-viewer/?saved=10809) (e.g., unquoted attribute values). If you’re using a tool that injects self-closing tag syntax into all void elements, [without any option to prevent it from doing so](prettier/prettier#5246), then consider switching to a different tool. See also symfony/symfony-docs#17308

Removing self-closing slash from <input>s

c08a0a8

I suggested the same for Symfony's templates, see symfony/symfony#47715

carsonbot added the Status: Needs Review label Sep 29, 2022

carsonbot added this to the 6.2 milestone Sep 29, 2022

javiereguiluz added Status: Reviewed Security and removed Status: Needs Review labels Oct 5, 2022

carsonbot changed the title ~~Removing self-closing slash from <input>s~~ [Security] Removing self-closing slash from <input>s Oct 5, 2022

javiereguiluz merged commit f5efd90 into symfony:6.2 Oct 5, 2022

ThomasLandauer deleted the patch-3 branch October 5, 2022 11:12

ThomasLandauer mentioned this pull request May 8, 2023

Changing nl2br from <br /> to <br> twigphp/Twig#3841

Closed

Provide feedback