Bug Tracker

Modify

Ticket #3152 (closed enhancement: invalid)

Opened 5 years ago

Last modified 5 years ago

attr(name, value) does not escape values

Reported by: thesaint Owned by:
Priority: major Milestone: 1.3
Component: core Version: 1.2.6
Keywords: attributes, attr, escape Cc:
Blocking: Blocked by:

Description

If you call the attr(name, value) function to set an attribute value, special characters are not escaped. Quotes and double quotes cause the attribute value to be truncated, ampersands and angle brackets create invalid HTML. To avoid having quoting functions all over the place (think of several plugins that need quoted attributes), I think jQuery should automatically quote special characters when setting attributes (maybe with the option to lave angle brackets and ampersands alone for really exotic uses).

Attachments

testcase_attr_value.html Download (1.1 KB) - added by thesaint 5 years ago.
Test case (without the problem described)

Change History

comment:1 Changed 5 years ago by flesler

  • need changed from Review to Test Case

Can you provide a test case that reproduces the error ? just a small html file with the needed js to cause this problem. Thanks

Changed 5 years ago by thesaint

Test case (without the problem described)

comment:2 Changed 5 years ago by thesaint

Thanks for requesting the test case - I tried to reproduce my error but couldn't, everything works as expected. You can close this ticket now.

It seems the error is somewhere else (probably the PHP-created JSON object).

comment:3 Changed 5 years ago by flesler

  • Status changed from new to closed
  • Resolution set to invalid

Please follow the  bug reporting guidlines and use  jsFiddle when providing test cases and demonstrations instead of pasting the code in the ticket.

View

Add a comment

Modify Ticket

Action
as closed
Author


E-mail address and user name can be saved in the Preferences.

Attachments
 
Note: See TracTickets for help on using tickets.