Skip to content

Escaped values in attributes are converted back to characters  #12

New issue
New issue
Open
Open
Escaped values in attributes are converted back to characters #12
@bschuiling

Description

@bschuiling
bschuiling
opened on Jan 30, 2017

When adding sanitized strings to attributes Pquery's output can break form element because it converted encodes strings back to the character values of those.

Proof of concept:

require_once('pquery/load_pquery.php'); 
$domObj = pQuery::parseStr('<input type="text" placeholder="Hello">'); 
$domObj->query('input')->attr('placeholder', '\&quot;&gt; &#039;'); 
echo $domObj->html();

Output:
<input type="text" placeholder="\"> '" />

This is the result of this getInnerText() function in gan_node_html.php

function getInnerText() {
		return html_entity_decode($this->toString(true, true, 1), ENT_QUOTES);
}

I'm not sure what the purpose is for that line since pQuery doesn't seem to store those values encoded.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions