X-Git-Url: https://jasonwoof.com/gitweb/?a=blobdiff_plain;ds=sidebyside;f=_source%2Fcore%2Fhtmlparser%2Fbasicwriter.js;h=269ca8df8d0115bdf19f79ccfee3a35baa3b0f40;hb=a272c66d841421f8bf933c16535bdcde1c4649fc;hp=c2468ecc8f6a1bfc3f0c5f52bf213fe935836220;hpb=941b0a9ba4e673e292510d80a5a86806994b8ea6;p=ckeditor.git

diff --git a/_source/core/htmlparser/basicwriter.js b/_source/core/htmlparser/basicwriter.js
index c2468ec..269ca8d 100644
--- a/_source/core/htmlparser/basicwriter.js
+++ b/_source/core/htmlparser/basicwriter.js
@@ -1,5 +1,5 @@
 /*
-Copyright (c) 2003-2010, CKSource - Frederico Knabben. All rights reserved.
+Copyright (c) 2003-2013, CKSource - Frederico Knabben. All rights reserved.
 For licensing, see LICENSE.html or http://ckeditor.com/license
 */
 
@@ -60,6 +60,10 @@ CKEDITOR.htmlParser.basicWriter = CKEDITOR.tools.createClass(
 		 */
 		attribute : function( attName, attValue )
 		{
+			// Browsers don't always escape special character in attribute values. (#4683, #4719).
+			if ( typeof attValue == 'string' )
+				attValue = CKEDITOR.tools.htmlEncodeAttr( attValue );
+
 			this._.output.push( ' ', attName, '="', attValue, '"' );
 		},