Bug Tracker

Opened 11 years ago

Closed 11 years ago

#3152 closed enhancement (invalid)

attr(name, value) does not escape values

Reported by: thesaint Owned by:
Priority: major Milestone: 1.3
Component: core Version: 1.2.6
Keywords: attributes, attr, escape Cc:
Blocked by: Blocking:

Description

If you call the attr(name, value) function to set an attribute value, special characters are not escaped. Quotes and double quotes cause the attribute value to be truncated, ampersands and angle brackets create invalid HTML. To avoid having quoting functions all over the place (think of several plugins that need quoted attributes), I think jQuery should automatically quote special characters when setting attributes (maybe with the option to lave angle brackets and ampersands alone for really exotic uses).

Attachments (1)

testcase_attr_value.html (1.1 KB) - added by thesaint 11 years ago.
Test case (without the problem described)

Download all attachments as: .zip

Change History (4)

comment:1 Changed 11 years ago by flesler

need: ReviewTest Case

Can you provide a test case that reproduces the error ? just a small html file with the needed js to cause this problem. Thanks

Changed 11 years ago by thesaint

Attachment: testcase_attr_value.html added

Test case (without the problem described)

comment:2 Changed 11 years ago by thesaint

Thanks for requesting the test case - I tried to reproduce my error but couldn't, everything works as expected. You can close this ticket now.

It seems the error is somewhere else (probably the PHP-created JSON object).

comment:3 Changed 11 years ago by flesler

Resolution: invalid
Status: newclosed
Note: See TracTickets for help on using tickets.