Side navigation
#3152 closed enhancement (invalid)
Opened July 11, 2008 05:09PM UTC
Closed July 23, 2008 04:27PM UTC
attr(name, value) does not escape values
| Reported by: | thesaint | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | 1.3 |
| Component: | core | Version: | 1.2.6 |
| Keywords: | attributes, attr, escape | Cc: | |
| Blocked by: | Blocking: |
Description
If you call the attr(name, value) function to set an attribute value, special characters are not escaped. Quotes and double quotes cause the attribute value to be truncated, ampersands and angle brackets create invalid HTML. To avoid having quoting functions all over the place (think of several plugins that need quoted attributes), I think jQuery should automatically quote special characters when setting attributes (maybe with the option to lave angle brackets and ampersands alone for really exotic uses).
Attachments (1)
Change History (3)
Changed July 15, 2008 02:39AM UTC by comment:1
| need: | Review → Test Case |
|---|
Changed July 15, 2008 08:24AM UTC by comment:2
Thanks for requesting the test case - I tried to reproduce my error but couldn't, everything works as expected. You can close this ticket now.
It seems the error is somewhere else (probably the PHP-created JSON object).
Changed July 23, 2008 04:27PM UTC by comment:3
| resolution: | → invalid |
|---|---|
| status: | new → closed |
Can you provide a test case that reproduces the error ? just a small html file with the needed js to cause this problem.
Thanks