Issues

ZF-11597: Properly escape event attribute values in HtmlElement view helper

Issue Type: Patch Created: 2011-07-23T11:43:03.000+0000 Last Updated: 2011-08-26T09:13:26.000+0000 Status: Resolved Fix version(s): Reporter: Kim Blomqvist (kblomqvist) Assignee: Pádraic Brady (padraic) Tags: - Zend_View

Related issues: - ZF-9926

Attachments: - ZF-11597.patch

Description

Zend_View_Helper_HtmlElement does not properly substitute double quotes with single quotes in event attribute values. Even if it would work, I think that we should still escape quotes by html entity numbers rather than substituting them from single quotes to double quotes or vice versa. For example JSON standard says that strings are written into double quotes, so substituting from double quotes to single quotes is wrong I think. Please see my patch and let me know if I'm missing something. This issue is also related to ZF-9926.

Comments

Posted by Kim Blomqvist (kblomqvist) on 2011-07-23T11:44:12.000+0000

Patch attached

Posted by Pádraic Brady (padraic) on 2011-08-26T09:13:26.000+0000

Patch applied in r24400

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts