Why Nette does not escape “<” and “>” characters inside attributes?

Try turning on Nette\Utils\Html::$xhtml or changing the template content type, Latte should escape correctly for XML then.

Turn on XHTML mode in config.neon: https://doc.nette.org/en/configuring#…

Last edited by Aurielle (2015-07-25 01:38)

David Grudl wrote:

It is valid in XML.

Really?

Try to open this xml in browser:

<?xml version="1.0" encoding="UTF-8"?>
<test>
	<val value="<">test</val>
</test>

You'll get this error:

This page contains the following errors:
error on line 3 at column 13: Unescaped '<' not allowed in attributes values