You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If the attr filter is applied to a tag that already had its attributes encoded, any exploded attributes like class and style, will become double-encoded.
The reason seems to be that Html::parseTagAttributes() doesn't account for exploded attributes:
Applying multiple |attr filters to the same tag will double encode ampersands (i.e. to & instead of the expected &) in the class attribute:
What happened?
Description
If the
attr
filter is applied to a tag that already had its attributes encoded, any exploded attributes likeclass
andstyle
, will become double-encoded.The reason seems to be that
Html::parseTagAttributes()
doesn't account for exploded attributes:cms/src/helpers/Html.php
Line 361 in 2c347e1
Related: #12886
Steps to reproduce
Applying multiple
|attr
filters to the same tag will double encode ampersands (i.e. to&
instead of the expected&
) in the class attribute:The double-encoding also happens if a tag is rendered using the
{% tag %}
tag ortag()
function, and then has theattr
filter applied to it:Expected behavior
The
attr
filter should never double-encode existing attributes.Actual behavior
The
attr
filter will double-encode certain existing attributes, such asclass
andstyle
.Craft CMS version
4.4.1
PHP version
8.1.12
Operating system and version
No response
Database type and version
No response
Image driver and version
No response
Installed plugins and versions
None
The text was updated successfully, but these errors were encountered: