@@ -236,7 +236,7 @@ class Parser {
out.add("var value = "+exp+";\n");
out.add("if (value != false && value != null){\n");
out.add("__out.add(\" "+o.target+"=\\\"\");\n");
- out.add("__out.add(value);\n");
+ out.add("__out.add(html_escape(value));\n");
out.add("__out.add(\"\\\"\");\n");
out.add("}");
}
Laurent Bedubourg