When adding sanitized strings to attributes Pquery's output can break form element because it converted encodes strings back to the character values of those.
Proof of concept:
require_once('pquery/load_pquery.php');
$domObj = pQuery::parseStr('<input type="text" placeholder="Hello">');
$domObj->query('input')->attr('placeholder', '\"> '');
echo $domObj->html();
Output:
<input type="text" placeholder="\"> '" />
This is the result of this getInnerText() function in gan_node_html.php
function getInnerText() {
return html_entity_decode($this->toString(true, true, 1), ENT_QUOTES);
}
I'm not sure what the purpose is for that line since pQuery doesn't seem to store those values encoded.
When adding sanitized strings to attributes Pquery's output can break form element because it converted encodes strings back to the character values of those.
Proof of concept:
Output:
<input type="text" placeholder="\"> '" />This is the result of this getInnerText() function in gan_node_html.php
I'm not sure what the purpose is for that line since pQuery doesn't seem to store those values encoded.