Improve the note on characters that need to be escaped in iframes' srcdoc

[prlbr]

A note in https://html.spec.whatwg.org/multipage/embedded-content.html#attr-iframe-srcdoc reads

In the HTML syntax, authors need only remember to use U+0022 QUOTATION MARK characters (") to wrap the attribute contents and then to escape all U+0022 QUOTATION MARK (") and U+0026 AMPERSAND (&) characters, and to specify the sandbox attribute, to ensure safe embedding of content.

It's important to escape the ampersands first and the quotation marks second, so that ", when used to delimit attribute values, will be changed to e.g. " and not ". Can the note be made clearer in this respect?

I'd at least change the order in which the characters are named from

U+0022 QUOTATION MARK (") and U+0026 AMPERSAND (&)

to

U+0026 AMPERSAND (&) and U+0022 QUOTATION MARK (")

[kkampardi]

I could work on this if nobody does!
I am first time contributor so any tips will be more than welcome!

[domenic]

@kkampardi awesome, great to have you! This seems like a great bug to get started learning about the build tools and how to edit the spec and submit a pull request. Feel free to ask for help in IRC. https://github.com/whatwg/html/blob/master/CONTRIBUTING.md should have enough information to get you started.

To be concrete, the change requested here is add a sentence like the following to the section @prlbr mentions: "(And remember to escape ampersands before quotation marks, to ensure quotation marks become " and not ".)"

[domenic]

@kkampardi are you still planning to work on this? It's fine if not, I just wanted to make sure others looking for their own "good first issue" know what's free :) (See whatwg/meta#74.)

[kkampardi]

No I'm not! Feel free to assign this to someone else! Thank you