Index: /CKEditor/trunk/CHANGES.html =================================================================== --- /CKEditor/trunk/CHANGES.html (revision 5270) +++ /CKEditor/trunk/CHANGES.html (revision 5271) @@ -87,4 +87,5 @@
  • #5221 : Insert table into empty document cause JavaScript error thrown.
  • #5242 : Apply 'automatic' color option of text color incorrectly removes background-color style.
    • +
  • #4719 : IE does not escape attribute values properly.

    • Index: /CKEditor/trunk/_source/core/htmlparser/basicwriter.js =================================================================== --- /CKEditor/trunk/_source/core/htmlparser/basicwriter.js (revision 5270) +++ /CKEditor/trunk/_source/core/htmlparser/basicwriter.js (revision 5271) @@ -61,7 +61,7 @@ attribute : function( attName, attValue ) { - // Browsers don't always escape quote in attribute values. (#4683) + // Browsers don't always escape special character in attribute values. (#4683, #4719). if ( typeof attValue == 'string' ) - attValue = attValue.replace( /"/g, '"' ); + attValue = CKEDITOR.tools.htmlEncodeAttr( attValue ); this._.output.push( ' ', attName, '="', attValue, '"' ); Index: /CKEditor/trunk/_source/core/tools.js =================================================================== --- /CKEditor/trunk/_source/core/tools.js (revision 5270) +++ /CKEditor/trunk/_source/core/tools.js (revision 5271) @@ -324,4 +324,17 @@ /** + * Replace special HTML characters in HTMLElement's attribute with their relative HTML entity values. + * @param {String} The attribute's value to be encoded. + * @returns {String} The encode value. + * @example + * element.setAttribute( 'title', '' ); + * alert( CKEDITOR.tools.htmlEncodeAttr( element.getAttribute( 'title' ) ); // ">a " b <" + */ + htmlEncodeAttr : function( text ) + { + return text.replace( /"/g, '"' ).replace( //, '>' ); + }, + + /** * Replace characters can't be represented through CSS Selectors string * by CSS Escape Notation where the character escape sequence consists Index: /CKEditor/trunk/_source/plugins/htmlwriter/plugin.js =================================================================== --- /CKEditor/trunk/_source/plugins/htmlwriter/plugin.js (revision 5270) +++ /CKEditor/trunk/_source/plugins/htmlwriter/plugin.js (revision 5271) @@ -176,6 +176,6 @@ { this.forceSimpleAmpersand && ( attValue = attValue.replace( /&/g, '&' ) ); - // Browsers don't always escape quote in attribute values. (#4683) - attValue = attValue.replace( /"/g, '"' ); + // Browsers don't always escape special character in attribute values. (#4683, #4719). + attValue = CKEDITOR.tools.htmlEncodeAttr( attValue ); }