qhoxie/gist:671704

## gistfile1.js
// non-id/name attributes are interpreted as cdata
// per: http://www.w3.org/TR/html4/types.html#type-cdata

var s = "<p title=\"&lt;script&gt;alert('TEST')&lt;/script&gt;\">testing 123</p>";
document.body.innerHTML = s;
document.getElementsByTagName('p')[0].getAttribute('title');
// =>  "<script>alert('TEST')</script>"
document.getElementsByTagName('p')[0].title;
// =>  "<script>alert('TEST')</script>"

## gistfile2.js
// there is no way to distinguish, on read, any permutation of encoded or non-encoded values

var s = "<p data-foo=\"\<script\>alert('TEST')&lt;/script&gt;\">testing 123</p>";
document.body.innerHTML = s;
document.getElementsByTagName('p')[0].getAttribute('data-foo');
// =>  "<script>alert('TEST')</script>"


var s = '<p data-foo="' + "<script>alert('TEST')</script>" + '">testing 123' + '</p>';
document.body.innerHTML = s;
document.getElementsByTagName('p')[0].getAttribute('data-foo');
// =>  "<script>alert('TEST')</script>"

## gistfile3.js
// setting and reading in-line yields the entities intact

var s = "<p>testing 123</p>";
document.body.innerHTML = s;
document.getElementsByTagName('p')[0].setAttribute('data-foo', "&lt;script&gt;alert('TEST')&lt;/script&gt;");
document.getElementsByTagName('p')[0].getAttribute('data-foo');
// => "&lt;script&gt;alert('foo')&lt;/script&gt;"
	// non-id/name attributes are interpreted as cdata
	// per: http://www.w3.org/TR/html4/types.html#type-cdata

	var s = "<p title=\"<script>alert('TEST')</script>\">testing 123</p>";
	document.body.innerHTML = s;
	document.getElementsByTagName('p')[0].getAttribute('title');
	// => "<script>alert('TEST')</script>"
	document.getElementsByTagName('p')[0].title;
	// => "<script>alert('TEST')</script>"
	// there is no way to distinguish, on read, any permutation of encoded or non-encoded values

	var s = "<p data-foo=\"\<script\>alert('TEST')</script>\">testing 123</p>";
	document.body.innerHTML = s;
	document.getElementsByTagName('p')[0].getAttribute('data-foo');
	// => "<script>alert('TEST')</script>"


	var s = '<p data-foo="' + "<script>alert('TEST')</script>" + '">testing 123' + '</p>';
	document.body.innerHTML = s;
	document.getElementsByTagName('p')[0].getAttribute('data-foo');
	// => "<script>alert('TEST')</script>"
	// setting and reading in-line yields the entities intact

	var s = "<p>testing 123</p>";
	document.body.innerHTML = s;
	document.getElementsByTagName('p')[0].setAttribute('data-foo', "<script>alert('TEST')</script>");
	document.getElementsByTagName('p')[0].getAttribute('data-foo');
	// => "<script>alert('foo')</script>"