Created attachment 465640 [details] Partial Patch for Merge - Local Testing (Build) .cpp side Hi Team, While going through Chromium's Monorail, I came across another failing test case: What steps will reproduce the problem? (1) Open the following URL data:text/html;charset=utf-8,<body> <div id=target><a href="javascript:&quot;foobar&quot;">link</a></div> <pre></pre> <script> alert(document.querySelector('div').innerHTML); </script> </body> What is the expected result? It should show an alert dialog with: <a href="javascript:&quot;foobar&quot;">link</a> What happens instead? It shows an alert dialog with: <a href='javascript:"foobar"'>link</a> Chrome Bug - https://bugs.chromium.org/p/chromium/issues/detail?id=927164 Blink Commit - https://chromium.googlesource.com/chromium/src.git/+/a806a0593906b75b9396d3bbd092bdda9161bf4c WPT Tests Progression - Two subtests of http://wpt.live/html/syntax/serializing-html-fragments/serializing.html Just wanted to raise so we can fix and get more WPT wins and browser compat wins. Thanks!