From 6547093937cd4ee33adb7f9e55ce6851e25a6a8f Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Tue, 2 Oct 2012 20:28:02 +0200
Subject: Backported commit 10467e8a5957 and other improvements

---
 program/include/html.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'program')

diff --git a/program/include/html.php b/program/include/html.php
index c15ef45cb..dc93b3317 100644
--- a/program/include/html.php
+++ b/program/include/html.php
@@ -301,7 +301,7 @@ class html
                 $attrib_arr[] = $key . '="' . Q($value, 'strict', false) . '"';
             }
             else {
-                $attrib_arr[] = $key . '="' . Q($value) . '"';
+                $attrib_arr[] = $key . '="' . htmlspecialchars($value, ENT_COMPAT, RCMAIL_CHARSET) . '"';
             }
         }
         return count($attrib_arr) ? ' '.implode(' ', $attrib_arr) : '';
-- 
cgit v1.2.3