search

zendframework / zend-form

Form component from Zend Framework
BSD 3-Clause "New" or "Revised" License
69 stars 87 forks source link

Problem with HTML Escaper in Form Attributes #142

Closed mano87 closed 7 years ago

mano87 commented 7 years ago

Hello, the default form helper uses the function createAttributesString to creates a html string for all attributes in the form. However, this is very unfavorable for spaces and slashes in action or css attributes.

Example view.phtml

$form = $this->loginForm;
$form->setAttribute('action', $this->url('user-auth.login'));

// Submit-Button
$submit = $form->get('submit-login');
$submit->setAttribute('class', 'btn btn-primary');

HTML-Output in Browser:

<form action="&#x2F;login" method="post" name="login" id="login">
//...
<input type="submit" name="submit-login" class="btn&#x20;btn-primary" value="einloggen">

This would be better:

<form action="/login" method="post" name="login" id="login">
//...
<input type="submit" name="submit-login" class="btn btn-primary" value="einloggen">

Can You optimize this in a new release?

froschdesign commented 7 years ago

@mano87

However, this is very unfavorable for spaces and slashes in action or css attributes.

Why? Do you have any problems with escaped attributes? In CSS or JS?

You can find some background for escaping at the documentation of zend-escaper, which is used to convert the attributes:

froschdesign commented 7 years ago

Add your comments or questions here: zendframework/zend-escaper#21