This repository has been archived by the owner on Jan 31, 2020. It is now read-only.

meta tag attributes escaped with escapeHtml instead of escapeHtmlAttr #107

Closed
autowp opened this issue Feb 13, 2017 · 5 comments

Comments

@autowp

autowp commented Feb 13, 2017

headMeta view helper uses AbstractStandalone::escape method where escapeHtml is used instead of escapeHtmlAttr

Also headLink, headScript and other helpers are affected.

@thexpand
Contributor

It's not that easy to just replace escapeHtml with escapeHtmlAttr, because AbstractStandalone::escape() is used not only for attributes. I think a new method escapeAttribute could be introduced and used accordingly.

@Ocramius
Member

@thexpand I don't understand your comment: why is a new method needed? We know that the meta element always has an attribute with the content.

@thexpand
Contributor

@Ocramius Because the escape method uses the escapeHtml, which is okay for HTML content, but not okay for HTML attributes. That's why I think the escapeHtmlAttr needs exposure as a new method.

@Ocramius
Member

Ah, I understand - needs two escapers 👍

@Ocramius Ocramius added the bug label Aug 15, 2018
@weierophinney
Member

Fixed with #164, to be released with 2.11.0.
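
The distinction the thread settles on (one escaper for element content, another for attribute values), shown as an added example that is not part of the original thread and is not zend-view or zend-escaper code. `escapeBody`, `escapeAttribute` and `renderMeta` are hypothetical names, and the attribute escaper is a simplified stand-in for an escapeHtmlAttr-style escaper.

```php
<?php
// Added illustration; not zend-view or zend-escaper source code.

// Body-context escaping, the behaviour the thread attributes to escapeHtml.
function escapeBody(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Attribute-context escaping (simplified stand-in, hypothetical name):
// everything except alphanumerics and ",.-_" becomes a hex character reference.
function escapeAttribute(string $value): string
{
    $out = preg_replace_callback(
        '/[^a-z0-9,.\-_]/iu',
        static function (array $m): string {
            return sprintf('&#x%02X;', mb_ord($m[0], 'UTF-8')); // needs ext-mbstring
        },
        $value
    );
    if ($out === null) {
        throw new InvalidArgumentException('Input is not valid UTF-8');
    }
    return $out;
}

// Hypothetical renderer standing in for a head* view helper.
function renderMeta(string $name, string $content, callable $escape): string
{
    return sprintf('<meta name="%s" content="%s">', $escape($name), $escape($content));
}

// Constructed sample: characters that carry meaning inside a tag.
$sample = 'Tom & "Jerry" <b> x=y `z`';

echo renderMeta('description', $sample, 'escapeBody'), PHP_EOL;
echo renderMeta('description', $sample, 'escapeAttribute'), PHP_EOL;

// Which syntax-relevant characters does each escaper pass through unchanged?
foreach (['escapeBody', 'escapeAttribute'] as $fn) {
    $passed = array_filter(
        [' ', '=', '`', '/', '"', "'", '<', '>', '&'],
        static function (string $c) use ($fn): bool {
            return $fn($c) === $c;
        }
    );
    echo $fn, ' leaves unchanged: ', json_encode(array_values($passed), JSON_UNESCAPED_SLASHES), PHP_EOL;
}
```

The body escaper's output is only safe in an attribute while the template keeps the value inside quotes; the attribute escaper also encodes spaces, `=` and backticks, so it does not depend on that.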
