Opened 15 years ago
Closed 15 years ago
#3152 closed enhancement (invalid)
attr(name, value) does not escape values
| Reported by: | thesaint | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | 1.3 |
| Component: | core | Version: | 1.2.6 |
| Keywords: | attributes, attr, escape | Cc: | |
| Blocked by: | Blocking: |
Description
If you call the attr(name, value) function to set an attribute value, special characters are not escaped. Quotes and double quotes cause the attribute value to be truncated, ampersands and angle brackets create invalid HTML. To avoid having quoting functions all over the place (think of several plugins that need quoted attributes), I think jQuery should automatically quote special characters when setting attributes (maybe with the option to lave angle brackets and ampersands alone for really exotic uses).
Attachments (1)
Change History (4)
comment:1 Changed 15 years ago by
| need: | Review → Test Case |
|---|
Changed 15 years ago by
| Attachment: | testcase_attr_value.html added |
|---|
Test case (without the problem described)
comment:2 Changed 15 years ago by
Thanks for requesting the test case - I tried to reproduce my error but couldn't, everything works as expected. You can close this ticket now.
It seems the error is somewhere else (probably the PHP-created JSON object).
comment:3 Changed 15 years ago by
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
Can you provide a test case that reproduces the error ? just a small html file with the needed js to cause this problem. Thanks