diff --git a/product/PortalTransforms/transforms/safe_html.py b/product/PortalTransforms/transforms/safe_html.py
index 7275e236b65b92a10e04383082d291f1ad8a3969..de232353d90001fcb33c8c68e7e894de22e0549c 100644
--- a/product/PortalTransforms/transforms/safe_html.py
+++ b/product/PortalTransforms/transforms/safe_html.py
@@ -219,7 +219,7 @@ class StrippingParser(HTMLParser):
 self.original_charset = match.group('charset')
 v = charset_parser.sub(
 CharsetReplacer(self.default_encoding), v)
- self.result.append(' %s="%s"' % (k, v))
+ self.result.append(' %s="%s"' % (k, escape(v, True)))
 #UNUSED endTag = '</%s>' % tag
 if safeToInt(self.valid.get(tag)):
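Review bot: Only the value is escaped on the changed `self.result.append` line; the attribute name `k` is still interpolated raw, so the output's safety also depends on the parser restricting which characters a name may contain, which is not visible in this hunk. If names can carry markup characters with the parser in use, write `(escape(k, True), escape(v, True))`, or reject such names before appending. The change also presumes `v` arrives entity-decoded from the parser, otherwise an input `&amp;` is emitted as `&amp;amp;`; a short comment such as `# attrs are entity-decoded by the parser; re-escape so a double quote cannot end the attribute` would record that. The enclosing method starts and ends outside the hunk, so the `escape` import and any earlier checks on the value could not be confirmed from here.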