fix(get-selector): do not URL encode or token escape attribute selectors

[straker]

When trying to get the selector for the images on #3109, the end result of the getAttributeNameValue would end up being URI encoded and token escaped.

What that means is that instead of returning [href$="1 Seater"] (a valid CSS attribute selector) it would first URI encode it, which would turn into [href$="1%20Seater"], and then token escape it which would try to prevent the first character from being a number (an invalid CSS token) and escape it, resulting in [href$="\31 %20Seater"]. This selector would not find anything in the document so :root would be returned by default.

Since attribute selectors can be strings and since we're wrapping the value in quotes, it wasn't necessary to do any escaping or encoding.

Attribute values must be <ident-token>s or <string-token>s

Closes issue: #3109

[dylanb]

Need to also not escape when the full URL is used

Resolved

[WilcoFiers]

Where is this supposed to go? I get a 502 on this.

[straker]

Well it did go to a discussion about what values of an attribute string should be replaced. It was the only place I could find something. Would you happen to know of an official spec for that?

[straker]

Seems to be working again

[stephenmathieson]

Would using CSS.escape() or a ponyfil make more sense than a custom implementation here?

[straker]

I looked at CSS.escape but it works like our escapeSelector code in that it doesn't take into account that the string you pass is used in an attribute selector, so will still escape 1 Seater as '\31 \ Seater' which wouldn't match.

I'd be fine replacing our escapeSelector code with CSS.escape, but in a different pr.

Resolved