Compiler: special escaping for JS/CSS in attribute is used only when …

…value is quoted

src/Latte/Compiler/Compiler.php

@@ -441,26 +441,28 @@ private function processHtmlAttributeBegin(Token $token)
 		$this->lastAttrValue = & $this->htmlNode->attrs[$token->name];
 		$this->output .= $this->escape($token->text);
 
+		$context = NULL;
+		$lower = strtolower($token->name);
 		if (in_array($token->value, ['"', "'"], TRUE)) {
 			$this->lastAttrValue = '';
 			$contextMain = self::CONTEXT_QUOTED_ATTRIBUTE;
+			if (in_array($this->contentType, [self::CONTENT_HTML, self::CONTENT_XHTML], TRUE)) {
+				if (Helpers::startsWith($lower, 'on')) {
+					$context = self::CONTENT_JS;
+				} elseif ($lower === 'style') {
+					$context = self::CONTENT_CSS;
+				}
+			}
 		} else {
 			$this->lastAttrValue = $token->value;
 			$contextMain = self::CONTEXT_TAG;
 		}
 
-		$context = NULL;
-		if (in_array($this->contentType, [self::CONTENT_HTML, self::CONTENT_XHTML], TRUE)) {
-			$lower = strtolower($token->name);
-			if (Helpers::startsWith($lower, 'on')) {
-				$context = self::CONTENT_JS;
-			} elseif ($lower === 'style') {
-				$context = self::CONTENT_CSS;
-			} elseif (in_array($lower, ['href', 'src', 'action', 'formaction'], TRUE)
-				|| ($lower === 'data' && strtolower($this->htmlNode->name) === 'object')
-			) {
-				$context = self::CONTENT_URL;
-			}
+		if (in_array($this->contentType, [self::CONTENT_HTML, self::CONTENT_XHTML], TRUE)
+			&& (in_array($lower, ['href', 'src', 'action', 'formaction'], TRUE)
+				|| ($lower === 'data' && strtolower($this->htmlNode->name) === 'object'))
+		) {
+			$context = self::CONTENT_URL;
 		}
 
 		$this->setContext($contextMain, $context);

tests/Latte/expected/macros.general.html.html

@@ -26,7 +26,7 @@
 
 <p val = "some&amp;&lt;&gt;&quot;&#039;/chars" val2="`mxss "> </p>
 
-<p onclick = "&quot;some&amp;&lt;&gt;\&quot;&#039;\/chars&quot;"> </p>
+<p onclick = "some&amp;&lt;&gt;&quot;&#039;/chars"> </p>
 
 <p ONCLICK ="&quot;some&amp;&lt;&gt;\&quot;&#039;\/chars&quot;" "some&amp;&lt;&gt;&quot;&#039;/chars"> </p>
 

tests/Latte/expected/macros.general.html.phtml

@@ -52,7 +52,7 @@ class Template%a% extends Latte\Runtime\Template
 
 <p val = <?php echo LR\Filters::escapeHtmlAttrUnquoted($xss) /* line 27 */ ?> val2=<?php echo LR\Filters::escapeHtmlAttrUnquoted($mxss) /* line 27 */ ?>> </p>
 
-<p onclick = <?php echo LR\Filters::escapeHtmlAttrUnquoted(LR\Filters::escapeJs($xss)) /* line 29 */ ?>> </p>
+<p onclick = <?php echo LR\Filters::escapeHtmlAttrUnquoted($xss) /* line 29 */ ?>> </p>
 
 <p ONCLICK ="<?php echo LR\Filters::escapeHtmlAttr(LR\Filters::escapeJs($xss)) /* line 31 */ ?>" <?php echo LR\Filters::escapeHtmlAttrUnquoted($xss) /* line 31 */ ?>> </p>
 

tests/Latte/expected/macros.general.xhtml.html

@@ -26,7 +26,7 @@
 
 <p val = "some&amp;&lt;&gt;&quot;&#039;/chars" val2="`mxss "> </p>
 
-<p onclick = "&quot;some&amp;&lt;&gt;\&quot;&#039;\/chars&quot;"> </p>
+<p onclick = "some&amp;&lt;&gt;&quot;&#039;/chars"> </p>
 
 <p ONCLICK ="&quot;some&amp;&lt;&gt;\&quot;&#039;\/chars&quot;" "some&amp;&lt;&gt;&quot;&#039;/chars"> </p>
 

tests/Latte/expected/macros.general.xhtml.phtml

@@ -54,7 +54,7 @@ class Template%a% extends Latte\Runtime\Template
 
 <p val = <?php echo LR\Filters::escapeHtmlAttrUnquoted($xss) /* line 27 */ ?> val2=<?php echo LR\Filters::escapeHtmlAttrUnquoted($mxss) /* line 27 */ ?>> </p>
 
-<p onclick = <?php echo LR\Filters::escapeHtmlAttrUnquoted(LR\Filters::escapeJs($xss)) /* line 29 */ ?>> </p>
+<p onclick = <?php echo LR\Filters::escapeHtmlAttrUnquoted($xss) /* line 29 */ ?>> </p>
 
 <p ONCLICK ="<?php echo LR\Filters::escapeHtmlAttr(LR\Filters::escapeJs($xss)) /* line 31 */ ?>" <?php echo LR\Filters::escapeHtmlAttrUnquoted($xss) /* line 31 */ ?>> </p>