Skip to content
This repository has been archived by the owner on Jan 30, 2020. It is now read-only.

Problem with HTML Escaper in Form Attributes #142

Closed
mano87 opened this issue Mar 6, 2017 · 2 comments
Closed

Problem with HTML Escaper in Form Attributes #142

mano87 opened this issue Mar 6, 2017 · 2 comments

Comments

@mano87
Copy link

mano87 commented Mar 6, 2017
edited
Loading

Hello,
the default form helper uses the function createAttributesString to creates a html string for all attributes in the form. However, this is very unfavorable for spaces and slashes in action or css attributes.

Example view.phtml

$form = $this->loginForm;
$form->setAttribute('action', $this->url('user-auth.login'));

// Submit-Button
$submit = $form->get('submit-login');
$submit->setAttribute('class', 'btn btn-primary');

HTML-Output in Browser:

<form action="&#x2F;login" method="post" name="login" id="login">
//...
<input type="submit" name="submit-login" class="btn&#x20;btn-primary" value="einloggen">

This would be better:

<form action="/login" method="post" name="login" id="login">
//...
<input type="submit" name="submit-login" class="btn btn-primary" value="einloggen">

Can You optimize this in a new release?
@froschdesign
Copy link
Member

froschdesign commented Mar 6, 2017
edited
Loading

@mano87

However, this is very unfavorable for spaces and slashes in action or css attributes.

Why? Do you have any problems with escaped attributes? In CSS or JS?

You can find some background for escaping at the documentation of zend-escaper, which is used to convert the attributes:

@froschdesign
Copy link
Member

Add your comments or questions here: zendframework/zend-escaper#21

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@froschdesign @mano87