From 1d980850f42652bc41cdc2b46789b015d772871b Mon Sep 17 00:00:00 2001
From: David Grudl
Date: Wed, 5 Aug 2015 12:33:55 +0200
Subject: [PATCH] Html: chars '<' in attributes are encoded in XHTML
---
 src/Utils/Html.php | 8 ++++++--
 tests/Utils/Html.basic.phpt | 4 ++++
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/Utils/Html.php b/src/Utils/Html.php
index 5b7e9cbc8..62bfb3615 100644
--- a/src/Utils/Html.php
+++ b/src/Utils/Html.php
@@ -554,8 +554,12 @@ public function attributes()
 }
 $q = strpos($value, '"') === FALSE ? '"' : "'";
- $s .= ' ' . $key . '='
- . $q . str_replace(array('&', $q), array('&', $q === '"' ? '"' : '''), $value)
+ $s .= ' ' . $key . '=' . $q
+ . str_replace(
+ array('&', $q, '<'),
+ array('&', $q === '"' ? '"' : ''', self::$xhtml ? '<' : '<'),
+ $value
+ )
 . (strpos($value, '`') !== FALSE && strpbrk($value, ' <>"\'') === FALSE ? ' ' : '')
 . $q;
 }
diff --git a/tests/Utils/Html.basic.phpt b/tests/Utils/Html.basic.phpt
index 2818d6d9e..2466f64da 100644
--- a/tests/Utils/Html.basic.phpt
+++ b/tests/Utils/Html.basic.phpt
@@ -73,6 +73,10 @@ test(function () { // small & big numbers
 test(function () { // attributes escaping
+ Html::$xhtml = TRUE;
+ Assert::same('', (string) Html::el('a')->one('"')->two("'")->three('<>')->four('&'));
+
+ Html::$xhtml = FALSE;
 Assert::same('', (string) Html::el('a')->one('"')->two("'")->three('<>')->four('&'));
 Assert::same('', (string) Html::el('a')->one('``xx')); // mXSS
 });
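Review bot: The reason `<` is entity-encoded only when `self::$xhtml` is set, while `>` is never touched, is not stated anywhere near the new `str_replace` call in `attributes()`, so the next reader has to reconstruct it from the commit subject; a one-line comment above the call would carry it, e.g. `// XML forbids a raw '<' inside attribute values, HTML permits it; the strpbrk() check below covers the mXSS backtick case`. The search and replacement arrays depend only on `$q` and `self::$xhtml`, yet they are rebuilt inline for every attribute if, as `$s .= ' ' . $key` suggests, this runs once per attribute; hoisting them into two named variables directly above the `$s .=` line would also put the whole escaping rule in one readable place. As rendered on this page the replacement strings look identical to the search strings (`'&'` → `'&'`), which appears to be entity-decoding of the page rather than the committed code, but it is worth confirming against the repository. The body of `attributes()` begins and ends outside this hunk.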