From 47978b5b00f1f458b969acdde496ba2bdc78859f Mon Sep 17 00:00:00 2001 From: Moritz Bunkus Date: Thu, 7 Jan 2010 10:41:29 +0100 Subject: [PATCH] Mehr Attribute HTML-escapen. --- SL/Template/Plugin/L.pm | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/SL/Template/Plugin/L.pm b/SL/Template/Plugin/L.pm index 40e132a86..f044fc165 100644 --- a/SL/Template/Plugin/L.pm +++ b/SL/Template/Plugin/L.pm @@ -5,6 +5,11 @@ use Template::Plugin; use strict; +sub _H { + my $string = shift; + return $::locale->quote_special_chars('HTML', $string); +} + sub new { my $class = shift; my $context = shift; @@ -20,7 +25,7 @@ sub attributes { while (my ($name, $value) = each %{ $options }) { next unless $name; $value ||= ''; - push @result, "${name}=\"" . $::locale->quote_special_chars('HTML', $value) . '"'; + push @result, _H($name) . '="' . _H($value) . '"'; } return @result ? ' ' . join(' ', @result) : ''; @@ -67,7 +72,7 @@ sub options_for_select { my %attributes = ( value => $result[0] ); $attributes{selected} = 'selected' if $options->{default} && ($options->{default} eq ($result[0] || '')); - push @tags, $self->html_tag('option', $result[1], \%attributes); + push @tags, $self->html_tag('option', _H($result[1]), \%attributes); } } -- 2.20.1