diff --git a/e107_handlers/e_parse_class.php b/e107_handlers/e_parse_class.php
index 867afdbb0..f93a1a69b 100644
--- a/e107_handlers/e_parse_class.php
+++ b/e107_handlers/e_parse_class.php
@@ -4800,8 +4800,17 @@ class e_parse
 
 	/**
 	 * Filters/Validates using the PHP5 filter_var() method.
+	 *
 	 * @param string|array $text
-	 * @param string $type string str|int|email|url|w|wds|file
+	 * @param string $type str|int|email|url|w|wds|file
+	 *
+	 *                     If the type is "str" (default), HTML tags are stripped, and quotation marks are escaped for
+	 *                     HTML with the intention of making the string safe to use in both concatenated SQL queries and
+	 *                     HTML code.
+	 *
+	 *                     Despite the intention, strings returned by this function should still be specified as values
+	 *                     in SQL prepared statements or surrounded by {@see mysqli_real_escape_string()} if the string
+	 *                     is to be written to the database.
 	 * @return string|boolean| array
 	 */
 	public function filter($text, $type = 'str', $validate = false)
@@ -4859,7 +4868,10 @@ class e_parse
 				{
 					$filterTypes = array(
 						'int'   => FILTER_SANITIZE_NUMBER_INT,
-						'str'   => function($input) { return strip_tags($input); },
+						'str'   => function($input)
+						{
+							return htmlspecialchars(strip_tags($input), ENT_QUOTES);
+						},
 						'email' => FILTER_SANITIZE_EMAIL,
 						'url'   => FILTER_SANITIZE_URL,
 						'enc'   => FILTER_SANITIZE_ENCODED
diff --git a/e107_handlers/form_handler.php b/e107_handlers/form_handler.php
index 399189d31..2d7c9491e 100644
--- a/e107_handlers/form_handler.php
+++ b/e107_handlers/form_handler.php
@@ -151,35 +151,46 @@ class e_form
 	
 		if(!empty($options['class']))
 		{
-			$class = "class='".$options['class']."'";
+			$class = $options['class'];
 		}
 		else  // default 
 		{
-			$class= "class='form-horizontal'"; 
+			$class = "form-horizontal";
 		}
 		
 		if(isset($options['autocomplete'])) // leave as isset()
 		{
-			$autoComplete = " autocomplete='".($options['autocomplete'] ? 'on' : 'off')."'";	
+			$autoComplete = $options['autocomplete'] ? 'on' : 'off';
 		}
 
 		
 		if($method === 'get' && strpos($target,'='))
 		{
-			list($url,$qry) = explode('?',$target);
-			$text = "\n<form {$class} action='{$url}' id='".$this->name2id($name)."' method = '{$method}'{$autoComplete}>\n";
-			
-			parse_str($qry,$m);
-			foreach($m as $k=>$v)
+			list($url, $qry) = explode('?', $target);
+			$text = "\n<form" . $this->attributes([
+					'class'        => $class,
+					'action'       => $url,
+					'id'           => $this->name2id($name),
+					'method'       => $method,
+					'autocomplete' => $autoComplete,
+				]) . ">\n";
+
+			parse_str($qry, $m);
+			foreach ($m as $k => $v)
 			{
-				$text .= $this->hidden($k, $v);					
+				$text .= $this->hidden($k, $v);
 			}
-			
-		}	
-		else 
+
+		}
+		else
 		{
-			$target = str_replace('&', '&amp;', $target);
-			$text = "\n<form {$class} action='{$target}' id='".$this->name2id($name)."' method='{$method}'{$autoComplete}>\n";
+			$text = "\n<form" . $this->attributes([
+					'class'        => $class,
+					'action'       => $target,
+					'id'           => $this->name2id($name),
+					'method'       => $method,
+					'autocomplete' => $autoComplete,
+				]) . ">\n";
 		}
 		return $text;	
 	}
@@ -630,37 +641,27 @@ class e_form
 	 */
 	public function carousel($name= 'e-carousel', $array=array(), $options = null)
 	{
-		$interval   = null;
-		$wrap       = null;
-		$pause      = null;
 		$indicators = '';
 		$controls   = '';
 				
 		$act = varset($options['default'], 0);
-		
-		if(isset($options['wrap']))
-		{
-			$wrap = 'data-wrap="'.$options['wrap'].'"';	
-		}
-		
-		if(isset($options['interval']))
-		{
-			$interval = 'data-interval="'.$options['interval'].'"';	
-		}
-		
-		if(isset($options['pause']))
-		{
-			$pause = 'data-pause="'.$options['pause'].'"';
-		}
 
 		$navigation = isset($options['navigation']) ? $options['navigation'] : true;
 		$indicate = isset($options['indicators']) ? $options['indicators'] : true;
 
 
-		$start  ='
+		$start = '
 		<!-- Carousel -->
 		
-		<div id="'.$name.'" class="carousel slide" data-ride="carousel" data-bs-ride="carousel" '.$interval.' '.$wrap.' '.$pause.'>';
+		<div' . $this->attributes([
+				'id'            => $name,
+				'class'         => 'carousel slide',
+				'data-ride'     => 'carousel',
+				'data-bs-ride'  => 'carousel',
+				'data-interval' => isset($options['interval']) ? $options['interval'] : null,
+				'data-wrap'     => isset($options['wrap']) ? $options['wrap'] : null,
+				'data-pause'    => isset($options['pause']) ? $options['pause'] : null,
+			]) . '>';
 
 		if($indicate && (count($array) > 1))
 		{
@@ -759,21 +760,27 @@ class e_form
 	 */
 	public function text($name, $value = '', $maxlength = 80, $options= null)
 	{
-		if(is_string($options))
+		if (is_string($options))
 		{
-			parse_str($options,$options);
+			parse_str($options, $options);
 		}
 
-		if(!vartrue($options['class']))
+		$attributes = [
+			'type'  => varset($options['type']) === 'email' ? 'email' : 'text',
+			'name'  => $name,
+			'value' => $value,
+		];
+
+		if (!vartrue($options['class']))
 		{
 			$options['class'] = 'tbox';
 		}
 
-		if(deftrue('BOOTSTRAP'))
+		if (deftrue('BOOTSTRAP'))
 		{
 			$options['class'] .= ' form-control';
 		}
-		
+
 		/*
 		if(!vartrue($options['class']))
 		{
@@ -828,27 +835,25 @@ class e_form
 		}
 
 		// TODO: remove typeahead.
-		if(!empty($options['typeahead']) && vartrue($options['typeahead']) === 'users')
+		if (!empty($options['typeahead']) && vartrue($options['typeahead']) === 'users')
 		{
-			$options['data-source'] = e_BASE. 'user.php';
+			$options['data-source'] = e_BASE . 'user.php';
 			$options['class'] .= ' e-typeahead';
 		}
-		
-		if(!empty($options['size']) && !is_numeric($options['size']))
+
+		if (!empty($options['size']) && !is_numeric($options['size']))
 		{
-			$options['class'] .= ' input-' .$options['size'];
+			$options['class'] .= ' input-' . $options['size'];
 			unset($options['size']); // don't include in html 'size='. 	
 		}
-			
-		$mlength = !empty($maxlength) ? 'maxlength=' .$maxlength : '';
-		
-		$type = varset($options['type']) === 'email' ? 'email' : 'text'; // used by $this->email();
-				
+
+		$attributes['maxlength'] = !empty($maxlength) ? $maxlength : null;
+
 		$options = $this->format_options('text', $name, $options);
-		
-	
+
+
 		//never allow id in format name-value for text fields
-		return "<input type='".$type."' name='{$name}' value='{$value}' {$mlength} ".$this->get_attributes($options, $name). ' />';
+		return "<input" . $this->attributes($attributes) . " " . $this->get_attributes($options, $name) . ' />';
 	}
 
 
@@ -870,44 +875,50 @@ class e_form
 	 */
 	public function number($name, $value=0, $maxlength = 200, $options = null)
 	{
-		if(is_string($options))
+		$attributes = [
+			'type'  => 'number',
+			'name'  => $name,
+			'value' => $value,
+		];
+
+		if (is_string($options))
 		{
 			parse_str($options, $options);
 		}
 
-		if(!empty($options['maxlength']))
+		if (!empty($options['maxlength']))
 		{
-			 $maxlength = $options['maxlength'];
+			$maxlength = $options['maxlength'];
 		}
 
 		unset($options['maxlength']);
 
-		if(empty($options['size']))
+		if (empty($options['size']))
 		{
-			 $options['size'] = 15;
+			$options['size'] = 15;
 		}
-		if(empty($options['class']))
+		if (empty($options['class']))
 		{
-			 $options['class'] = 'tbox number e-spinner input-small ';
+			$options['class'] = 'tbox number e-spinner input-small ';
 		}
-		
-		if(!empty($options['size']))
+
+		if (!empty($options['size']))
 		{
-			$options['class'] .= ' input-'.$options['size'];
+			$options['class'] .= ' input-' . $options['size'];
 			unset($options['size']);
 		}
 
 		$options['class'] .= ' form-control';
-		$options['type'] ='number';
-		
+		$options['type'] = 'number';
+
 		// Not used anymore
 		//$mlength = vartrue($maxlength) ? "maxlength=".$maxlength : "";
 
 		// Always define the min. parameter
 		// defaults to 0
 		// setting the min option to a negative value allows negative inputs
-		$min = " min='".vartrue($options['min'], '0')."'";
-		$max = isset($options['max']) ? " max='".$options['max']."'" : '';
+		$attributes['min'] = vartrue($options['min'], '0');
+		$attributes['max'] = isset($options['max']) ? $options['max'] : null;
 
 
 		if (empty($options['pattern']))
@@ -934,11 +945,11 @@ class e_form
 				// 0 = 1 > allows only integers, no float values
 				if ((int) $options['decimals'] <= 0)
 				{
-					$step = "step='1'";
+					$attributes['step'] = "1";
 				}
 				else
 				{
-					$step = "step='0." . str_pad(1, (int) $options['decimals'], 0, STR_PAD_LEFT)  . "'";
+					$attributes['step'] = "0." . str_pad(1, (int) $options['decimals'], 0, STR_PAD_LEFT);
 				}
 			}
 			else
@@ -946,7 +957,7 @@ class e_form
 				// decimal option not defined
 				// check for step option (1, 0.1, 0.01, and so on)
 				// or set default step 1 (integers only)
-				$step = "step='" . vartrue($options['step'], '1') . "'";
+				$attributes['step'] = vartrue($options['step'], '1');
 			}
 
 		}
@@ -954,13 +965,12 @@ class e_form
 		$options = $this->format_options('text', $name, $options);
 
 		//never allow id in format name-value for text fields
-		if(THEME_LEGACY === false)
+		if (THEME_LEGACY === false)
 		{
-			// return "<input pattern='[0-9]*' type='number' name='{$name}' value='{$value}' {$mlength} {$step} {$min} {$max} ".$this->get_attributes($options, $name)." />";
-			return "<input type='number' name='{$name}' {$min} {$max} {$step} value='{$value}' ".$this->get_attributes($options, $name). ' />';
+			return "<input" . $this->attributes($attributes) . " " . $this->get_attributes($options, $name) . ' />';
 		}
-		
-		return $this->text($name, $value, $maxlength, $options);	
+
+		return $this->text($name, $value, $maxlength, $options);
 	}
 
 
@@ -1028,96 +1038,103 @@ class e_form
 	 */
 	public function mediaUrl($category = '', $label = '', $tagid='', $extras=null)
 	{
-		if(is_string($extras))
+		if (is_string($extras))
 		{
-			parse_str($extras,$extras);
+			parse_str($extras, $extras);
 		}
 
 		$category = str_replace('+', '^', $category); // Bc Fix.
 
-		$cat    = ($category) ? '&amp;for='.urlencode($category) : '';
-		$mode   = vartrue($extras['mode'],'main');
-		$action = vartrue($extras['action'],'dialog');
+		$cat = ($category) ? '&for=' . urlencode($category) : '';
+		$mode = vartrue($extras['mode'], 'main');
+		$action = vartrue($extras['action'], 'dialog');
 
 
-
-		if(empty($label))
+		if (empty($label))
 		{
-			 $label = ' Upload an image or file';
+			$label = ' Upload an image or file';
 		}
 
 		// TODO - option to choose which tabs to display by default.
 
-		$url = e_ADMIN_ABS."image.php?mode={$mode}&amp;action={$action}".$cat;
+		$url = e_ADMIN_ABS . "image.php?mode={$mode}&action={$action}" . $cat;
 
 		if(!empty($tagid))
 		{
-			$url .= '&amp;tagid='.$tagid;
+			$url .= '&tagid=' . $tagid;
 		}
 
 		if(!empty($extras['bbcode']))
 		{
-			$url .= '&amp;bbcode='.$extras['bbcode'];
+			$url .= '&bbcode=' . $extras['bbcode'];
 		}
 
-		$url .= '&amp;iframe=1';
+		$url .= '&iframe=1';
 		
 		if(!empty($extras['w']))
 		{
-			$url .= '&amp;w=' .$extras['w'];
+			$url .= '&w=' . $extras['w'];
 		}
 
 		if(!empty($extras['image']))
 		{
-			$url .= '&amp;image=1';
+			$url .= '&image=1';
 		}
 
 		if(!empty($extras['glyphs']) || !empty($extras['glyph']))
 		{
-			$url .= '&amp;glyph=1';
+			$url .= '&glyph=1';
 		}
 
 		if(!empty($extras['icons']) || !empty($extras['icon']))
 		{
-			$url .= '&amp;icon=1';
+			$url .= '&icon=1';
 		}
 
 		if(!empty($extras['youtube']))
 		{
-			$url .= '&amp;youtube=1';
+			$url .= '&youtube=1';
 		}
 		
 		if(!empty($extras['video']))
 		{
-			$url .= ($extras['video'] == 2) ? '&amp;video=2' : '&amp;video=1';
+			$url .= ($extras['video'] == 2) ? '&video=2' : '&video=1';
 		}
 
 		if(!empty($extras['audio']))
 		{
-			$url .= '&amp;audio=1';
+			$url .= '&audio=1';
 		}
 
 		if(!empty($extras['path']) && $extras['path'] === 'plugin')
 		{
-			$url .= '&amp;path=' .deftrue('e_CURRENT_PLUGIN');
+			$url .= '&path=' . deftrue('e_CURRENT_PLUGIN');
 		}
 
 		if(E107_DBG_BASIC)
 		{
 
-			$title = 'Media Manager : ' .$category;
+			$title = 'Media Manager : ' . $category;
 		}
 		else
 		{
 			$title = LAN_EDIT;
 		}
 
-		$class = !empty($extras['class']) ? $extras['class']. ' ' : '';
+		$class = !empty($extras['class']) ? $extras['class'] . ' ' : '';
 		$title = !empty($extras['title']) ? $extras['title'] : $title;
 
-	    $ret = "<a title='".$title."' class='".$class."e-modal' data-modal-submit='true' data-modal-caption='".LAN_EFORM_007."' data-cache='false' data-target='#uiModal' href='".$url."'>".$label. '</a>'; // using bootstrap.
+		$ret = "<a" . $this->attributes([
+				'title'              => $title,
+				'class'              => "{$class}e-modal",
+				'data-modal-submit'  => 'true',
+				'data-modal-caption' => LAN_EFORM_007,
+				'data-cache'         => 'false',
+				'data-target'        => '#uiModal',
+				'href'               => $url,
+			]) . ">" . $label . '</a>'; // using bootstrap.
 
-		if(!e107::getRegistry('core/form/mediaurl'))
+		if (!e107::getRegistry('core/form/mediaurl'))
 		{
 			e107::setRegistry('core/form/mediaurl', true);
 		}
@@ -1427,24 +1444,32 @@ class e_form
 			$editIcon = $this->mediaUrl($cat, '<span><!-- --></span>', $name_id,$parms);
 		}
 
-		$ret .= "<div id='{$name_id}_prev' class='mediaselector-preview".$dropzone."'>";
+		$ret .= "<div id='{$name_id}_prev' class='mediaselector-preview" . $dropzone . "'>";
 
 		$ret .= $preview; // image, video. audio tag etc.
 
 		$ret .= "</div><div class='overlay'>
-				    <div class='text'>".$editIcon.$previewIcon."</div>
+				    <div class='text'>" . $editIcon . $previewIcon . "</div>
 				  </div>";
 
 		$ret .= "</div>\n";
-		$ret .=	"<input type='hidden' name='{$name}' id='{$name_id}' value='{$default}' />";
-		$ret .=	"<input type='hidden' name='mediameta_{$name}' id='{$meta_id}' value='' />";
+		$ret .= "<input" . $this->attributes([
+				'type'  => 'hidden',
+				'name'  => $name,
+				'id'    => $name_id,
+				'value' => $default]) . " />";
+		$ret .= "<input" . $this->attributes([
+				'type' => 'hidden',
+				'name' => "mediameta_$name",
+				'id'   => $meta_id,
+			]) . " />";
 
-		if(empty($dropzone))
+		if (empty($dropzone))
 		{
 			return $ret;
 		}
 
-		if(!isset($parms['label']))
+		if (!isset($parms['label']))
 		{
 			$parms['label'] = defset('LAN_UI_DROPZONE_DROP_FILES', 'Drop files here to upload');
 		}
@@ -1573,11 +1598,17 @@ class e_form
 
 		if(isset($sc_parameters['data']) && $sc_parameters['data'] === 'array')
 		{
-			// Do not use $this->hidden() method - as it will break 'id' value. 
-			$ret .=	"<input type='hidden' name='".$name."[path]' id='".$this->name2id($name. '[path]')."' value='".varset($default['path'])."'  />";
-			$ret .=	"<input type='hidden' name='".$name."[name]' id='".$this->name2id($name. '[name]')."' value='".varset($default['name'])."'  />";
-			$ret .=	"<input type='hidden' name='".$name."[id]' id='".$this->name2id($name. '[id]')."' value='".varset($default['id'])."'  />";
-		
+			// Do not use $this->hidden() method - as it will break 'id' value.
+			foreach (['path', 'name', 'id'] as $key)
+			{
+				$ret .= "<input" . $this->attributes([
+						'type'  => 'hidden',
+						'name'  => "{$name}[{$key}]",
+						'id'    => $this->name2id("{$name}[{$key}]"),
+						'value' => varset($default[$key]),
+					]) . "  />";
+			}
+
 			$default = $default['path'];
 		}	
 		else
@@ -2023,17 +2054,19 @@ class e_form
 	 */
 	public function file($name, $options = array())
 	{
-		if(deftrue('e_ADMIN_AREA') && empty($options['class']))
+		if (deftrue('e_ADMIN_AREA') && empty($options['class']))
 		{
-			$options = array('class'=>'tbox well file');
+			$options = array('class' => 'tbox well file');
 		}
 
 		$options = $this->format_options('file', $name, $options);
 
 
-
 		//never allow id in format name-value for text fields
-		return "<input type='file' name='{$name}'".$this->get_attributes($options, $name). ' />';
+		return "<input" . $this->attributes([
+				'type' => 'file',
+				'name' => $name,
+			]) . $this->get_attributes($options, $name) . ' />';
 	}
 
 	/**
@@ -2104,24 +2137,29 @@ class e_form
 		
 		if(!empty($options['size']) && !is_numeric($options['size']))
 		{
-			$options['class'] .= ' input-' .$options['size'];
+			$options['class'] .= ' input-' . $options['size'];
 			unset($options['size']); // don't include in html 'size='. 	
 		}
-		
+
 		$type = empty($options['nomask']) ? 'password' : 'text';
-		
+
 		$options = $this->format_options('text', $name, $options);
 
-	
-		//never allow id in format name-value for text fields
-		$text = "<input type='".$type."' name='{$name}' value='{$value}' maxlength='{$maxlength}'".$this->get_attributes($options, $name). ' />';
 
-		if(empty($gen) && empty($addon))
+		//never allow id in format name-value for text fields
+		$text = "<input" . $this->attributes([
+				'type'      => $type,
+				'name'      => $name,
+				'value'     => $value,
+				'maxlength' => $maxlength,
+			]) . $this->get_attributes($options, $name) . ' />';
+
+		if (empty($gen) && empty($addon))
 		{
-			return $text;	
+			return $text;
 		}
 
-		return "<span class='form-inline'>".$text.$gen. '</span>' .vartrue($addon);
+		return "<span class='form-inline'>" . $text . $gen . '</span>' . vartrue($addon);
 
 	}
 
@@ -2145,12 +2183,15 @@ class e_form
 		
 		if(defined('BOOTSTRAP') && BOOTSTRAP === 4)
 		{
-			return '<a class="pager-button btn btn-primary" href="'.$url.'">'.$total.'</a>';
+			return '<a' . $this->attributes([
+					'class' => 'pager-button btn btn-primary',
+					'href'  => $url,
+				]) . '>' . $total . '</a>';
 		}
 
 		if(!is_numeric($total))
 		{
-			return '<ul class="pager"><li><a href="'.$url.'">'.$total.'</a></li></ul>';
+			return '<ul class="pager"><li><a' . $this->attributes(['href' => $url]) . '>' . $total . '</a></li></ul>';
 		}
 
 
@@ -2283,16 +2324,21 @@ class e_form
 			$options['class'] .= ' form-control input-' .$options['size'];
 			unset($options['size']); // don't include in html 'size='. 	
 		}
-		elseif(empty($options['noresize']))
+		elseif (empty($options['noresize']))
 		{
-			$options['class'] = (isset($options['class']) && $options['class']) ? $options['class'].' e-autoheight' : 'tbox col-md-7 span7 e-autoheight form-control';
+			$options['class'] = (isset($options['class']) && $options['class']) ? $options['class'] . ' e-autoheight' : 'tbox col-md-7 span7 e-autoheight form-control';
 		}
 
 		$options = $this->format_options('textarea', $name, $options);
-		
+
 //		print_a($options);
 		//never allow id in format name-value for text fields
-		return "<textarea name='{$name}' rows='{$rows}' cols='{$cols}'".$this->get_attributes($options, $name).">{$value}</textarea>".($counter !== false ? $this->hidden('__'.$name.'autoheight_opt', $counter) : '');
+		return "<textarea" . $this->attributes([
+				'name' => $name,
+				'rows' => $rows,
+				'cols' => $cols,
+			]) . $this->get_attributes($options, $name) . ">{$value}</textarea>" .
+			($counter !== false ? $this->hidden('__' . $name . 'autoheight_opt', $counter) : '');
 	}
 
 	/**
@@ -2569,23 +2615,27 @@ class e_form
 
 		if(!isset($options['class']))
         {
-            $options['class'] = '';
+	        $options['class'] = '';
         }
 
-        $options['class'] .= ' form-check-input';
+		$options['class'] .= ' form-check-input';
 
-		if($snippet = $this->getSnippet('checkbox'))
+		if ($snippet = $this->getSnippet('checkbox'))
 		{
 			return $this->renderSnippet($snippet, $options, $name, $value);
 		}
 
-		$pre = (!empty($options['label'])) ? "<label class='".$labelClass.$active."'{$labelTitle}>" : ''; // Bootstrap compatible markup
-		$post = (!empty($options['label'])) ? '<span>' .$options['label']. '</span></label>' : '';
+		$pre = (!empty($options['label'])) ? "<label class='" . $labelClass . $active . "'{$labelTitle}>" : ''; // Bootstrap compatible markup
+		$post = (!empty($options['label'])) ? '<span>' . $options['label'] . '</span></label>' : '';
 		unset($options['label']); // not to be used as attribute;
 
-		
-		return $pre. "<input type='checkbox' name='{$name}' value='{$value}'".$this->get_attributes($options, $name, $value). ' />' .$post;
-		
+
+		return $pre . "<input" . $this->attributes([
+				'type'  => 'checkbox',
+				'name'  => $name,
+				'value' => $value,
+			]) . $this->get_attributes($options, $name, $value) . ' />' . $post;
+
 
 	}
 
@@ -2764,37 +2814,43 @@ class e_form
 			unset($options['id']);
 		}
 
-		if($snippet = $this->getSnippet('radio'))
+		if ($snippet = $this->getSnippet('radio'))
 		{
 			$options['label'] = $labelFound;
+
 			return $this->renderSnippet($snippet, $options, $name, $value);
 		}
 
 		// $options['class'] = 'inline';	
 		$text = '';
 
-	//	return print_a($options,true);
-		if($labelFound) // Bootstrap compatible markup
+		//	return print_a($options,true);
+		if ($labelFound) // Bootstrap compatible markup
 		{
 			$defaultClass = (deftrue('BOOTSTRAP')) ? 'radio-inline form-check-inline' : 'radio inline';
 			$dis = (!empty($options['disabled'])) ? ' disabled' : '';
 			$text .= "<label class='{$defaultClass}{$dis}'>";
-			
+
 		}
-		
-		
-		$text .= "<input class='form-check-input' type='radio' name='{$name}' value='".$value."'".$this->get_attributes($options, $name, $value). ' />';
-		
-		if(!empty($options['help']))
+
+
+		$text .= "<input" . $this->attributes([
+				'class' => 'form-check-input',
+				'type'  => 'radio',
+				'name'  => $name,
+				'value' => $value,
+			]) . $this->get_attributes($options, $name, $value) . ' />';
+
+		if (!empty($options['help']))
 		{
-			$text .= "<div class='field-help'>".$options['help']. '</div>';
+			$text .= "<div class='field-help'>" . $options['help'] . '</div>';
 		}
-		
-		if($labelFound)
+
+		if ($labelFound)
 		{
-			$text .= ' <span>' .$labelFound. '</span></label>';
+			$text .= ' <span>' . $labelFound . '</span></label>';
 		}
-		
+
 		return $text;
 	}
 
@@ -3375,7 +3431,7 @@ var_dump($select_options);*/
 		    parse_str($options, $options);
 	    }
 
-		if($value === false)
+		if ($value === false)
 		{
 			$value = '';
 		}
@@ -3384,8 +3440,9 @@ var_dump($select_options);*/
 		$options['selected'] = $selected; //comes as separate argument just for convenience
 
 
-
-		return "<option value='{$value}'".$this->get_attributes($options). '>' .defset($option_title, $option_title). '</option>';
+		return "<option" . $this->attributes(['value' => $value]) . $this->get_attributes($options) . '>'
+			. defset($option_title, $option_title) .
+			'</option>';
 	}
 
 
@@ -3499,7 +3556,11 @@ var_dump($select_options);*/
 	{
 		$options = $this->format_options('hidden', $name, $options);
 
-		return "<input type='hidden' name='{$name}' value='{$value}'".$this->get_attributes($options, $name, $value). ' />';
+		return "<input" . $this->attributes([
+				'type'  => 'hidden',
+				'name'  => $name,
+				'value' => $value,
+			]) . $this->get_attributes($options, $name, $value) . ' />';
 	}
 
 	/**
@@ -3508,13 +3569,22 @@ var_dump($select_options);*/
 	 */
 	public function token()
 	{
-		return "<input type='hidden' name='e-token' value='".defset('e_TOKEN')."' />";
+		return "<input" . $this->attributes([
+				'type'  => 'hidden',
+				'name'  => 'e-token',
+				'value' => defset('e_TOKEN'),
+			]) . " />";
 	}
 
 	public function submit($name, $value, $options = array())
 	{
 		$options = $this->format_options('submit', $name, $options);
-		return "<input type='submit' name='{$name}' value='{$value}'".$this->get_attributes($options, $name, $value). ' />';
+
+		return "<input" . $this->attributes([
+				'type'  => 'submit',
+				'name'  => $name,
+				'value' => $value,
+			]) . $this->get_attributes($options, $name, $value) . ' />';
 	}
 
 	public function submit_image($name, $value, $image, $title='', $options = array())
@@ -3549,19 +3619,24 @@ var_dump($select_options);*/
 			case 'view':
 				$icon = $tp->toIcon('e-view-32');
 				$options['class'] = $options['class'] === 'action' ? 'btn btn-default btn-secondary action view' : $options['class'];
-			break;
+				break;
 		}
 
 		$options['title'] = $title;//shorthand
 
-		if(!empty($customIcon))
+		if (!empty($customIcon))
 		{
 			$icon = $customIcon;
 		}
-		
-		return  "<button type='submit' name='{$name}' data-placement='left' value='{$value}'".$this->get_attributes($options, $name, $value). '  >' .$icon. '</button>';
 
-	
+		return "<button" . $this->attributes([
+				'type'           => 'submit',
+				'name'           => $name,
+				'data-placement' => 'left',
+				'value'          => $value,
+			]) . $this->get_attributes($options, $name, $value) . '  >' . $icon . '</button>';
+
+
 	}
 
 	/**
@@ -3691,7 +3766,11 @@ var_dump($select_options);*/
 	{
 		if(deftrue('BOOTSTRAP') && getperms($perms))
 		{
-			return "<span class='e-instant-edit hidden-print'><a target='_blank' title='".LAN_EDIT."' href='".$url."'>".e107::getParser()->toGlyph('fa-edit'). '</a></span>';
+			return "<span class='e-instant-edit hidden-print'><a" . $this->attributes([
+					'target' => '_blank',
+					'title'  => LAN_EDIT,
+					'href'   => $url,
+				]) . ">" . e107::getParser()->toGlyph('fa-edit') . '</a></span>';
 		}
 
 		return '';
@@ -3714,19 +3793,24 @@ var_dump($select_options);*/
 	{
 		$action = (string) $action;
 		$btype = 'submit';
-		if(strpos($action, 'action') === 0 || $action === 'button')
+		if (strpos($action, 'action') === 0 || $action === 'button')
 		{
 			$btype = 'button';
 		}
 
-		if(isset($options['loading']) && ($options['loading'] == false))
+		$attributes = [
+			'type'  => $btype,
+			'name'  => $name,
+			'value' => $value,
+		];
+
+		if (isset($options['loading']) && ($options['loading'] == false))
 		{
 			unset($options['loading']);
-			$include = '';
 		}
 		else
 		{
-			$include = ($this->_fontawesome) ? "data-loading-icon='fa-spinner'" : ''; // data-disable breaks db.php charset Fix.
+			$attributes = ['data-loading-icon' => $this->_fontawesome ? 'fa-spinner' : null] + $attributes; // data-disable breaks db.php charset Fix.
 		}
 
 		$confirmation = LAN_JSCONFIRM;
@@ -3782,7 +3866,7 @@ var_dump($select_options);*/
 				break;
 		}
 
-		return '<button ' . $include . " type='{$btype}' name='{$name}' value='{$value}'" . $this->get_attributes($options, $name) . "><span>{$label}</span></button>";
+		return '<button' . $this->attributes($attributes) . $this->get_attributes($options, $name) . "><span>{$label}</span></button>";
 	}
 
 	/**
@@ -3901,6 +3985,30 @@ var_dump($select_options);*/
 		$this->_tabindex_counter = $reset;
 	}
 
+	/**
+	 * Build a series of HTML attributes from the provided array
+	 *
+	 * @param array $attributes Key-value pairs of HTML attributes. The value must not be HTML-encoded. If the value is
+	 *                          boolean true, the value will be set to the key (e.g. `['required' => true]` becomes
+	 *                          "required='required'").
+	 * @return string The HTML attributes to concatenate inside an HTML tag
+	 */
+	private function attributes($attributes)
+	{
+		$stringifiedAttributes = [];
+
+		foreach ($attributes as $key => $value)
+		{
+			if ($value === true) $value = $key;
+			if (!empty($value) || is_numeric($value))
+			{
+				$stringifiedAttributes[] = $key . "='" . htmlspecialchars($value, ENT_QUOTES) . "'";
+			}
+		}
+
+		return count($stringifiedAttributes) > 0 ? " ".implode(" ", $stringifiedAttributes) : "";
+	}
+
 	public function get_attributes($options, $name = '', $value = '')
 	{
 		$ret = '';
@@ -3909,7 +4017,7 @@ var_dump($select_options);*/
 		{
 			if ($option !== 'other')
 			{
-				$optval = htmlspecialchars(trim((string) $optval),  ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
+				$optval = html_entity_decode(trim((string) $optval));
 			}
 			switch ($option)
 			{
@@ -3919,30 +4027,30 @@ var_dump($select_options);*/
 					break;
 
 				case 'class':
-					if(!empty($optval))
-					{
-						$ret .= " class='{$optval}'";
-					}
-					break;
-
 				case 'size':
-					if($optval)
-					{
-						$ret .= " size='{$optval}'";
-					}
-					break;
-
 				case 'title':
-					if($optval)
-					{
-						$ret .= " title='{$optval}'";
-					}
+				case 'label':
+				case 'maxlength':
+				case 'wrap':
+				case 'autocomplete':
+				case 'pattern':
+					$ret .= $this->attributes([$option => $optval]);
 					break;
 
-				case 'label':
-					if($optval)
-					{
-						$ret .= " label='{$optval}'";
+				case 'readonly':
+				case 'multiple':
+				case 'selected':
+				case 'checked':
+				case 'disabled':
+				case 'required':
+				case 'autofocus':
+					$ret .= $this->attributes([$option => (bool) $optval]);
+					break;
+
+				case 'placeholder':
+					if($optval) {  
+					  $optval = deftrue($optval, $optval);  
+					  $ret .= $this->attributes([$option => $optval]);
 					}
 					break;
 
@@ -3958,91 +4066,7 @@ var_dump($select_options);*/
 					else
 					{
 						++$this->_tabindex_counter;
-						$ret .= " tabindex='".$this->_tabindex_counter."'";
-					}
-					break;
-
-				case 'readonly':
-					if($optval)
-					{
-						$ret .= " readonly='readonly'";
-					}
-					break;
-
-				case 'multiple':
-					if($optval)
-					{
-						$ret .= " multiple='multiple'";
-					}
-					break;
-
-				case 'selected':
-					if($optval)
-					{
-						$ret .= " selected='selected'";
-					}
-					break;
-
-				case 'maxlength':
-					if($optval)
-					{
-						$ret .= " maxlength='{$optval}'";
-					}
-					break;
-
-				case 'checked':
-					if($optval)
-					{
-						$ret .= " checked='checked'";
-					}
-					break;
-
-				case 'disabled':
-					if($optval)
-					{
-						$ret .= " disabled='disabled'";
-					}
-					break;
-					
-				case 'required':
-					if($optval)
-					{
-						$ret .= " required='required'";
-					}
-					break;
-					
-				case 'autofocus':
-					if($optval)
-					{
-						$ret .= " autofocus='autofocus'";
-					}
-					break;
-					
-				case 'placeholder':
-					if($optval) {  
-					  $optval = deftrue($optval, $optval);  
-					  $ret .= " placeholder='{$optval}'";
-					}
-					break;
-
-				case 'wrap':
-					if($optval)
-					{
-						$ret .= " wrap='{$optval}'";
-					}
-					break;
-					
-				case 'autocomplete':
-					if($optval)
-					{
-						$ret .= " autocomplete='{$optval}'";
-					}
-					break;
-					
-				case 'pattern':
-					if($optval)
-					{
-						$ret .= " pattern='{$optval}'";
+						$ret .= $this->attributes([$option => $this->_tabindex_counter]);
 					}
 					break;
 
@@ -4056,7 +4080,7 @@ var_dump($select_options);*/
 				default:
 					if(strpos($option,'data-') === 0)
 					{
-						$ret .= ' ' .$option."='{$optval}'";
+						$ret .= $this->attributes([$option => $optval]);
 					}
 				break;
 			}
@@ -4119,21 +4143,20 @@ var_dump($select_options);*/
 			return $ret;
 		}
 
-
 		if (empty($id_value))
 		{
-			$ret = " {$return_attribute}='{$name}" . ($value ? "-{$value}" : '') . "'";
+			$ret = "{$name}" . ($value ? "-{$value}" : '');
 		}
 		elseif (is_numeric($id_value) && $name) // also useful when name is e.g. name='my_name[some_id]'
 		{
-			$ret = " {$return_attribute}='{$name}-{$id_value}'";
+			$ret = "{$name}-{$id_value}";
 		}
 		else // also useful when name is e.g. name='my_name[]'
 		{
-			$ret = " {$return_attribute}='{$id_value}'";
+			$ret = "{$id_value}";
 		}
 
-		return $ret;
+		return " $return_attribute='" . htmlentities($ret, ENT_QUOTES) . "'";
 	}
 
 	public function name2id($name)
@@ -4440,30 +4463,33 @@ var_dump($select_options);*/
 			{
 				$cl = (vartrue($val['thclass'])) ? " class='".$val['thclass']."'" : '';
 
-				$aClass = ($key === $field) ? "class='sorted-".$sorted."'" : '';
+				$aClass = ($key === $field) ? "sorted-" . $sorted : null;
 
 				$text .= "
 					<th id='e-column-".str_replace('_', '-', $key)."'{$cl}>
 				";
 
-                if($querypattern!= '' && $key !== 'options' && $key !== 'checkboxes' && !vartrue($val['nosort']))
+				if ($querypattern != '' && $key !== 'options' && $key !== 'checkboxes' && !vartrue($val['nosort']))
 				{
 					$from = ($key == $field) ? $fromval : 0;
 					$srch = array('[FIELD]', '[ASC]', '[FROM]');
-					$repl = array($key,$ascdesc,$from);
-                	$val['url'] = e_SELF. '?' .str_replace($srch,$repl,$querypattern);
+					$repl = array($key, $ascdesc, $from);
+					$val['url'] = e_SELF . '?' . str_replace($srch, $repl, $querypattern);
 				}
 
 
-
-				$text .= (vartrue($val['url'])) ? '<a ' .$aClass. ' title="' .LAN_SORT."\" href='".str_replace(array('&amp;', '&'), array('&', '&amp;'),$val['url'])."'>" : '';  // Really this column-sorting link should be auto-generated, or be autocreated via unobtrusive js.
-	            $text .= !empty($val['title']) ? defset($val['title'], $val['title']) : '';
+				$text .= (vartrue($val['url'])) ? '<a' . $this->attributes([
+						'class' => $aClass,
+						'title' => LAN_SORT,
+						'href'  => str_replace('&amp;', '&', $val['url']),
+					]) . ">" : '';  // Really this column-sorting link should be auto-generated, or be autocreated via unobtrusive js.
+				$text .= !empty($val['title']) ? defset($val['title'], $val['title']) : '';
 				$text .= ($val['url']) ? '</a>' : '';
-	            $text .= ($key === 'options' && !vartrue($val['noselector'])) ? $this->columnSelector($fieldarray, $columnPref) : '';
+				$text .= ($key === 'options' && !vartrue($val['noselector'])) ? $this->columnSelector($fieldarray, $columnPref) : '';
 				$text .= ($key === 'checkboxes') ? $this->checkbox_toggle('e-column-toggle', vartrue($val['toggle'], 'multiselect')) : '';
 
-	
-	 			$text .= '
+
+				$text .= '
 					</th>
 				';
 			}
@@ -4471,7 +4497,7 @@ var_dump($select_options);*/
 
 		return '
 		<thead>
-	  		<tr >' .$text. '</tr>
+	  		<tr>' . $text . '</tr>
 		</thead>
 		';
 
@@ -4706,14 +4732,8 @@ var_dump($select_options);*/
 
 			$value = $this->renderValue($field, varset($fieldvalues[$field]), $data, varset($fieldvalues[$pid]));
 
-
-			if($tdclass)
-			{
-				$tdclass = ' class="'.$tdclass.'"';
-			}
-
 			$text .= '
-				<td'.$tdclass.'>
+				<td' . $this->attributes(['class' => $tdclass]) . '>
 					'.$value.'
 				</td>
 			';
@@ -4747,12 +4767,10 @@ var_dump($select_options);*/
 			return '';
 		}
 
-		$trclass = '';
-		//	$trclass = vartrue($fieldvalues['__trclass']) ?  ' class="'.$trclass.'"' : '';
 		unset($fieldValues['__trclass']);
 
 		return '
-				<tr'.$trclass.' id="row-' . $fieldValues[$pid].'">
+				<tr id="row-' . $fieldValues[$pid] . '">
 					'.$ret.'
 				</tr>
 			';
@@ -4799,39 +4817,39 @@ var_dump($select_options);*/
 
 		if(!isset($options['url']))
 		{
-			$options['url'] = e_SELF."?mode={$mode}&amp;action=inline&amp;id={$pid}&amp;ajax_used=1";
+			$options['url'] = e_SELF . "?mode={$mode}&action=inline&id={$pid}&ajax_used=1";
 		}
 
-		if(!empty($pid))
+		if (!empty($pid))
 		{
 			$options['pk'] = $pid;
 		}
 
-		$title = varset($options['title'] , (LAN_EDIT. ' ' .$fieldName));
+		$title = varset($options['title'], (LAN_EDIT . ' ' . $fieldName));
 		$class = varset($options['class']);
 
-		unset( $options['title']);
-
-		$text = "<a class='e-tip e-editable editable-click ".$class."' data-name='".$dbField."' ";
-		$text .= (is_array($array)) ? "data-source='".$source."'  " : '';
-		$text .= ' title="' .$title."\" data-type='".$type."' data-inputclass='x-editable-".$this->name2id($dbField). ' ' .$class."' data-value=\"{$curVal}\"   href='#' ";
+		unset($options['title']);
 
+		$attributes = [
+			'class'           => "e-tip e-editable editable-click $class",
+			'data-name'       => $dbField,
+			'data-source'     => is_array($array) ? $source : null,
+			'title'           => $title,
+			'data-type'       => $type,
+			'data-inputclass' => 'x-editable-' . $this->name2id($dbField) . ' ' . $class,
+			'data-value'      => $curVal,
+			'href'            => '#',
+		];
 		$options['token'] = $this->inlineToken();
-
-		if(!empty($options))
+		if (!empty($options))
 		{
-			foreach($options as $k=>$opt)
+			foreach ($options as $k => $opt)
 			{
-				if(!empty($opt))
-				{
-					$text .= ' data-' .$k."='".$opt."'";
-				}
+				$attributes += ['data-' . $k => $opt];
 			}
 		}
 
-		$text .= '>' .$linkText. '</a>';
-		
-		return $text;	
+		return "<a" . $this->attributes($attributes) . ">$linkText</a>";
 	}
 
 	/**
@@ -4855,38 +4873,43 @@ var_dump($select_options);*/
 		}
 
 		/** @var e_admin_model $model */
-		if(!$model = e107::getRegistry('core/adminUI/currentListModel')) // Try list model
+		if (!$model = e107::getRegistry('core/adminUI/currentListModel')) // Try list model
 		{
 			$model = e107::getRegistry('core/adminUI/currentModel'); // try create/edit model.
 		}
 
-		$dialog     = vartrue($parms['target']) === 'dialog' ? ' e-modal' : ''; // iframe
-		$ext        = vartrue($parms['target']) === 'blank' ? " rel='external' " : ''; // new window
-		$modal      = vartrue($parms['target']) === 'modal' ? " data-toggle='modal' data-bs-toggle='modal' data-cache='false' data-target='#uiModal' " : '';
+		$dialog = vartrue($parms['target']) === 'dialog' ? ' e-modal' : ''; // iframe
+		$ext = vartrue($parms['target']) === 'blank' ? "external" : null; // new window
+		$modal = vartrue($parms['target']) === 'modal' ? [
+			"data-toggle"    => 'modal',
+			"data-bs-toggle" => 'modal',
+			"data-cache"     => 'false',
+			"data-target"    => '#uiModal'
+		] : [];
 
 		$link = null;
 
-		if(!empty($parms['url']) && !empty($model)) // ie. use e_url.php
+		if (!empty($parms['url']) && !empty($model)) // ie. use e_url.php
 		{
 			//$plugin = $this->getController()->getPluginName();
-			if($plugin = e107::getRegistry('core/adminUI/currentPlugin'))
+			if ($plugin = e107::getRegistry('core/adminUI/currentPlugin'))
 			{
 				$data = $model->getData();
-				$link = e107::url($plugin,$parms['url'],$data);
+				$link = e107::url($plugin, $parms['url'], $data);
 			}
 		}
-		elseif(!empty($model)) // old way.
+		elseif (!empty($model)) // old way.
 		{
 			$tp = e107::getParser();
 
 			$data = $model->getData();
 
-			$link       = str_replace('[id]',$id,$parms['link']);
-			$link       = $tp->replaceConstants($link); // SEF URL is not important since we're in admin.
+			$link = str_replace('[id]', $id, $parms['link']);
+			$link = $tp->replaceConstants($link); // SEF URL is not important since we're in admin.
 
-			if($parms['link'] === 'sef' )
+			if ($parms['link'] === 'sef')
 			{
-				if(!$model->getUrl())
+				if (!$model->getUrl())
 				{
 					/** @var e_admin_controller_ui $controller */
 					$controller = $this->getController();
@@ -4909,7 +4932,14 @@ var_dump($select_options);*/
 					// in case something goes wrong...
 		if($link)
 		{
-			return "<a class='e-tip{$dialog}' {$ext} href='".$link."' {$modal} title='".varset($parms['title'],LAN_EFORM_010)."' >".$value. '</a>';
+			$attributes = [
+					'class' => "e-tip{$dialog}",
+					'rel'   => $ext,
+					'href'  => $link,
+					'title' => varset($parms['title'], LAN_EFORM_010),
+				] + $modal;
+
+			return "<a" . $this->attributes($attributes) . ">" . $value . '</a>';
 		}
 
 		return $value;
@@ -4945,7 +4975,12 @@ var_dump($select_options);*/
 		{
 			$mode = preg_replace('/[\W]/', '', vartrue($_GET['mode']));
 			$from = (int) vartrue($_GET['from'], 0);
-			$text .= "<a class='e-sort sort-trigger btn btn-default' style='cursor:move' data-target='".e_SELF."?mode={$mode}&action=sort&ajax_used=1&from={$from}' title='".LAN_RE_ORDER."'>".ADMIN_SORT_ICON. '</a> ';
+			$text .= "<a" . $this->attributes([
+					'class'       => 'e-sort sort-trigger btn btn-default',
+					'style'       => 'cursor:move',
+					'data-target' => e_SELF . "?mode=$mode&action=sort&ajax_used=1&from=$from",
+					'title'       => LAN_RE_ORDER,
+				]) . ">" . ADMIN_SORT_ICON . '</a> ';
 		}
 
 
@@ -4966,23 +5001,31 @@ var_dump($select_options);*/
 			if(!empty($parms['target']) && $parms['target'] === 'modal')
 			{
 				$eModal = ' e-modal ';
-				$eModalCap = !empty($parms['modalCaption']) ? "data-modal-caption='".$parms['modalCaption']."'" : "data-modal-caption='#".$id."'";
+				$eModalCap = !empty($parms['modalCaption']) ? $parms['modalCaption'] : "#" . $id;
 				$query['iframe'] = 1;
 			}
 			else
 			{
 				$eModal = '';
-				$eModalCap = '';
+				$eModalCap = null;
 			}
 
-			if(!empty($parms['modalSubmit']))
+			if (!empty($parms['modalSubmit']))
 			{
 				$eModalCap .= " data-modal-submit='true'";
 			}
 
-			$query = http_build_query($query, '', '&amp;');
-			$text .= "<a href='".e_SELF."?{$query}' class='btn btn-default btn-secondary".$eModal."' ".$eModalCap." title='".LAN_EDIT."' data-toggle='tooltip' data-bs-toggle='tooltip' data-placement='left'>
-				".$editIconDefault. '</a>';
+			$query = http_build_query($query);
+			$text .= "<a" . $this->attributes([
+					'href'               => e_SELF . "?$query",
+					'class'              => "btn btn-default btn-secondary$eModal",
+					'data-modal-caption' => $eModalCap,
+					'title'              => LAN_EDIT,
+					'data-toggle'        => 'tooltip',
+					'data-bs-toggle'     => 'tooltip',
+					'data-placement'     => 'left',
+				]) . ">
+				" . $editIconDefault . '</a>';
 		}
 
 		$delcls = !empty($attributes['noConfirm']) ? ' no-confirm' : '';
@@ -5345,7 +5388,7 @@ var_dump($select_options);*/
 				if(empty($value))
 				{
 					$value = '-';
-					$setValue = "data-value=''";
+					$setValue = null;
 				}
 				else
 				{
@@ -5353,7 +5396,7 @@ var_dump($select_options);*/
 
 					if($attributes['type'] === 'tags' && !empty($value))
 					{
-						$setValue = "data-value='" . $value . "'";
+						$setValue = $value;
 						$value = str_replace(',', ', ', $value); // add spaces so it wraps, but don't change the actual values.
 					}
 				}
@@ -5371,7 +5414,20 @@ var_dump($select_options);*/
 					$tpl = $this->text($field, $value, 80, $options);
 
 					$mode = preg_replace('/[\W]/', '', vartrue($_GET['mode']));
-					$value = "<a id='" . $field . '_' . $id . "' class='e-tip e-editable editable-click editable-tags' data-emptytext='-' data-tpl='" . str_replace("'", '"', $tpl) . "' data-name='" . $field . "' data-token='".$this->inlineToken()."' title=\"" . LAN_EDIT . ' ' . $attributes['title'] . "\" data-type='text' data-pk='" . $id . "' " . $setValue . " data-url='" . e_SELF . "?mode={$mode}&amp;action=inline&amp;id={$id}&amp;ajax_used=1' href='#'>" . $value . '</a>';
+					$value = "<a" . $this->attributes([
+							'id'             => "{$field}_{$id}",
+							'class'          => 'e-tip e-editable editable-click editable-tags',
+							'data-emptytext' => '-',
+							'data-tpl'       => $tpl,
+							'data-name'      => $field,
+							'data-token'     => $this->inlineToken(),
+							'title'          => LAN_EDIT . ' ' . $attributes['title'],
+							'data-type'      => 'text',
+							'data-pk'        => $id,
+							'data-value'     => $setValue,
+							'data-url'       => e_SELF . "?mode=$mode&action=inline&id=$id&ajax_used=1",
+							'href'           => '#',
+						]) . ">" . $value . '</a>';
 				}
 
 				$value = vartrue($parms['pre']) . $value . vartrue($parms['post']);
@@ -5408,15 +5464,11 @@ var_dump($select_options);*/
 				if(empty($value))
 				{
 					$value = '-';
-					$setValue = "data-value=''";
 				}
 				else
 				{
-					$setValue = '';
-
 					if($attributes['type'] === 'tags' && !empty($value))
 					{
-						$setValue = "data-value='".$value."'";
 						$value = str_replace(',', ', ', $value); // add spaces so it wraps, but don't change the actual values.
 					}
 				}
@@ -5605,24 +5657,36 @@ var_dump($select_options);*/
 						$thparms['alt'] = $alt;
 						$thparms['class'] = 'thumbnail e-thumb';
 
-					//	e107::getDebug()->log($value);
+						//	e107::getDebug()->log($value);
 
 						$ttl = $tp->toImage($value, $thparms);
 
-						if($createLink === false)
+						if ($createLink === false)
 						{
 							return $ttl;
 						}
 
 
-						$value = '<a href="'.$src.'" data-modal-caption="'.$alt.'" data-target="#uiModal" class="e-modal e-image-preview" title="'.$alt.'" rel="external">'.$ttl.'</a>';
+						$value = '<a' . $this->attributes([
+								'href'               => $src,
+								'data-modal-caption' => $alt,
+								'data-target'        => '#uiModal',
+								'class'              => "e-modal e-image-preview",
+								'title'              => $alt,
+								'rel'                => 'external',
+							]) . '>' . $ttl . '</a>';
 					}
 					else
 					{
-						$src = $tp->replaceConstants(vartrue($parms['pre']).$value, 'abs');
+						$src = $tp->replaceConstants(vartrue($parms['pre']) . $value, 'abs');
 						$alt = $src; //basename($value);
 						$ttl = vartrue($parms['title'], 'LAN_PREVIEW');
-						$value = '<a href="'.$src.'" class="e-image-preview" title="'.$alt.'" rel="external">'.defset($ttl, $ttl).'</a>';
+						$value = '<a' . $this->attributes([
+								'href'  => $src,
+								'class' => "e-image-preview",
+								'title' => $alt,
+								'rel'   => 'external',
+							]) . '>' . defset($ttl, $ttl) . '</a>';
 					}
 				}
 				elseif(!empty($parms['fallback']))
@@ -5726,14 +5790,26 @@ var_dump($select_options);*/
 				if(!vartrue($attributes['noedit']) && vartrue($parms['editable']) && !vartrue($parms['link'])) // avoid bad markup, better solution coming up
 				{
 					$uc_options = vartrue($parms['classlist'], 'public,guest, nobody,member,admin,main,classes'); // defaults to 'public,guest,nobody,member,classes' (userclass handler)
-					$array      = e107::getUserClass()->uc_required_class_list($uc_options); //XXX Ugly looking (non-standard) function naming - TODO discuss name change.
+					$array = e107::getUserClass()->uc_required_class_list($uc_options); //XXX Ugly looking (non-standard) function naming - TODO discuss name change.
 
 					//$mode = preg_replace('/[^\w]/', '', vartrue($_GET['mode'], ''));
-					$mode       = $tp->filter(vartrue($_GET['mode']),'w');
-					$source     = str_replace('"',"'",json_encode($array, JSON_FORCE_OBJECT));
+					$mode = $tp->filter(vartrue($_GET['mode']), 'w');
+					$source = str_replace('"', "'", json_encode($array, JSON_FORCE_OBJECT));
 
 					//NOTE Leading ',' required on $value; so it picks up existing value.
-					$value = "<a class='e-tip e-editable editable-click' data-placement='bottom' data-value=',".$value."' data-name='".$field."' data-source=\"".$source. '" title="' .LAN_EDIT. ' ' .$attributes['title']."\" data-type='checklist' data-pk='".$id."' data-token='".$this->inlineToken()."' data-url='".e_SELF."?mode={$mode}&amp;action=inline&amp;id={$id}&amp;ajax_used=1' href='#'>".$dispvalue. '</a>';
+					$value = "<a" . $this->attributes([
+							'class'          => "e-tip e-editable editable-click",
+							'data-placement' => 'bottom',
+							'data-value'     => ",$value",
+							'data-name'      => $field,
+							'data-source'    => $source,
+							'title'          => LAN_EDIT . ' ' . $attributes['title'],
+							'data-type'      => 'checklist',
+							'data-pk'        => $id,
+							'data-token'     => $this->inlineToken(),
+							'data-url'       => e_SELF . "?mode=$mode&action=inline&id=$id&ajax_used=1",
+							'href'           => '#',
+						]) . ">" . $dispvalue . '</a>';
 				}
 				else 
 				{
@@ -5800,9 +5876,14 @@ var_dump($select_options);*/
 				if(!empty($parms['link']) && $id && $ttl && is_numeric($id))
 				{
 					// Stay in admin area.
-					$link = e_ADMIN. 'users.php?mode=main&action=edit&id=' .$id. '&readonly=1&iframe=1'; // e107::getUrl()->create('user/profile/view', array('id' => $id, 'name' => $ttl))
+					$link = e_ADMIN . 'users.php?mode=main&action=edit&id=' . $id . '&readonly=1&iframe=1'; // e107::getUrl()->create('user/profile/view', array('id' => $id, 'name' => $ttl))
 
-					$value = '<a class="e-modal" data-modal-caption="User #'.$id.' : '.$ttl.'" href="'.$link.'" title="'.LAN_EFORM_011.'">'.$ttl.'</a>';
+					$value = '<a' . $this->attributes([
+							'class'              => "e-modal",
+							'data-modal-caption' => "User #$id : $ttl",
+							'href'               => $link,
+							'title'              => LAN_EFORM_011
+						]) . '>' . $ttl . '</a>';
 				}
 				else
 				{
@@ -5816,11 +5897,24 @@ var_dump($select_options);*/
 					$fieldID = $this->name2id($field . '_' . microtime(true));
 					// Unique ID for each rows.
 					$eEditableID = $this->name2id($fieldID . '_' . $row_id);
-				//	$tpl = $this->userpicker($field, '', $ttl, $id, array('id' => $fieldID, 'selectize' => array('e_editable' => $eEditableID)));
+					//	$tpl = $this->userpicker($field, '', $ttl, $id, array('id' => $fieldID, 'selectize' => array('e_editable' => $eEditableID)));
 
-					$tpl = $this->userpicker($fieldID, array('user_id'=>$id, 'user_name'=>$ttl),  array('id' => $fieldID, 'inline' => $eEditableID));
+					$tpl = $this->userpicker($fieldID, array('user_id' => $id, 'user_name' => $ttl), array('id' => $fieldID, 'inline' => $eEditableID));
 					$mode = preg_replace('/[\W]/', '', vartrue($_GET['mode']));
-					$value = "<a id='" . $eEditableID . "' class='e-tip e-editable editable-click editable-userpicker' data-clear='false' data-token='".$this->inlineToken()."' data-tpl='" . str_replace("'", '"', $tpl) . "' data-name='" . $field . "' title=\"" . LAN_EDIT . ' ' . $attributes['title'] . "\" data-type='text' data-pk='" . $row_id . "' data-value='" . $id . "' data-url='" . e_SELF . "?mode={$mode}&amp;action=inline&amp;id={$row_id}&amp;ajax_used=1' href='#'>" . $ttl . '</a>';
+					$value = "<a" . $this->attributes([
+							'id'         => $eEditableID,
+							'class'      => 'e-tip e-editable editable-click editable-userpicker',
+							'data-clear' => 'false',
+							'data-token' => $this->inlineToken(),
+							'data-tpl'   => $tpl,
+							'data-name'  => $field,
+							'title'      => LAN_EDIT . ' ' . $attributes['title'],
+							'data-type'  => 'text',
+							'data-pk'    => $row_id,
+							'data-value' => $id,
+							'data-url'   => e_SELF . "?mode=$mode&action=inline&id=$row_id&ajax_used=1",
+							'href'       => '#'
+						]) . ">" . $ttl . '</a>';
 				}
 				
 			break;
@@ -5896,37 +5990,47 @@ var_dump($select_options);*/
 					break;
 				}
 				$ttl = $value;
-				if(!empty($parms['href']))
+				if (!empty($parms['href']))
 				{
-					return $tp->replaceConstants(vartrue($parms['pre']).$value, varset($parms['replace_mod'],'abs'));
+					return $tp->replaceConstants(vartrue($parms['pre']) . $value, varset($parms['replace_mod'], 'abs'));
 				}
-				if(!empty($parms['truncate']))
+				if (!empty($parms['truncate']))
 				{
 					$ttl = $tp->text_truncate($value, $parms['truncate'], '...');
 				}
 
-				$target = (!empty($parms['target'])) ? " target='".$parms['target']."' " : '';
-				$class = (!empty($parms['class'])) ? " class='".$parms['class']."' " : '';
+				$target = (!empty($parms['target'])) ? $parms['target'] : null;
+				$class = (!empty($parms['class'])) ? $parms['class'] : null;
 
-				$value = '<a ' .$target.$class."href='".$tp->replaceConstants(vartrue($parms['pre']).$value, 'abs')."' title='{$value}'>".$ttl. '</a>';
-			break;
+				$value = '<a' . $this->attributes([
+						'target' => $target,
+						'class'  => $class,
+						'href'   => $tp->replaceConstants(vartrue($parms['pre']) . $value, 'abs'),
+						'title'  => $value,
+					]) . ">" . $ttl . '</a>';
+				break;
 
 			case 'email':
-				if(!$value)
+				if (!$value)
 				{
 					break;
 				}
 				$ttl = $value;
-				if(!empty($parms['truncate']))
+				if (!empty($parms['truncate']))
 				{
 					$ttl = $tp->text_truncate($value, $parms['truncate'], '...');
 				}
 
-				$target = (!empty($parms['target'])) ? " target='".$parms['target']."' " : '';
-				$class = (!empty($parms['class'])) ? " class='".$parms['class']."' " : '';
+				$target = (!empty($parms['target'])) ? $parms['target'] : null;
+				$class = (!empty($parms['class'])) ? $parms['class'] : null;
 
-				$value = '<a ' .$target.$class."href='mailto:".$value."' title='{$value}'>".$ttl. '</a>';
-			break;
+				$value = '<a' . $this->attributes([
+						'target' => $target,
+						'class'  => $class,
+						'href'   => "mailto:$value",
+						'title'  => $value,
+					]) . ">" . $ttl . '</a>';
+				break;
 
 			case 'method': // Custom Function			
 				$method = varset($attributes['field']); // prevents table alias in method names. ie. u.my_method.
@@ -6108,11 +6212,20 @@ var_dump($select_options);*/
 	 */
 	public function renderElement($key, $value, $attributes, $required_data = array(), $id = 0)
 	{
+		// Workaround for accepting poorly normalized values from the database where the data would have been stored
+		// with HTML entities escaped.
+		$key = html_entity_decode($key, ENT_QUOTES);
 
-		if(!empty($value) && !empty($attributes['data']) && ($attributes['data'] === 'array' || $attributes['data'] === 'json'))
+		if (!empty($value) && !empty($attributes['data']) && ($attributes['data'] === 'array' || $attributes['data'] === 'json'))
 		{
 			$value = e107::unserialize($value);
 		}
+		elseif (is_string($value))
+		{
+			// Workaround for accepting poorly normalized values from the database where the data would have been stored
+			// with HTML entities escaped.
+			$value = html_entity_decode($value, ENT_QUOTES);
+		}
 
 		$tp = e107::getParser();
 		$ret = '';
@@ -6276,7 +6389,7 @@ var_dump($select_options);*/
 				{
 					$sefSource = $this->name2id($parms['sef']);
 					$sefTarget = $this->name2id($key);
-					if(!empty($parms['tdClassRight']))
+					if (!empty($parms['tdClassRight']))
 					{
 						$parms['tdClassRight'] .= 'input-group';
 					}
@@ -6285,7 +6398,12 @@ var_dump($select_options);*/
 						$parms['tdClassRight'] = 'input-group';
 					}
 
-					$parms['post'] = "<span class='form-inline input-group-btn pull-left'><a class='e-sef-generate btn btn-default' data-src='".$sefSource."' data-target='".$sefTarget."' data-sef-generate-confirm=\"".LAN_WILL_OVERWRITE_SEF. ' ' .LAN_JSCONFIRM. '">' .LAN_GENERATE. '</a></span>';
+					$parms['post'] = "<span class='form-inline input-group-btn pull-left'><a" . $this->attributes([
+							'class'                     => 'e-sef-generate btn btn-default',
+							'data-src'                  => $sefSource,
+							'data-target'               => $sefTarget,
+							'data-sef-generate-confirm' => LAN_WILL_OVERWRITE_SEF . ' ' . LAN_JSCONFIRM,
+						]) . '>' . LAN_GENERATE . '</a></span>';
 				}
 
 				if(!empty($parms['password'])) // password mechanism without the md5 storage. 
@@ -6332,8 +6450,12 @@ var_dump($select_options);*/
 
 				if(!empty($parms['maxlength']) && empty($parms['post']))
 				{
-					$charMsg = e107::getParser()->lanVars(defset('LAN_X_CHARS_REMAINING', '[x] chars remaining'),"<span>".$parms['maxlength']."</span>");
-					$parms['post'] = "<small id='". $this->name2id($key)."-char-count' class='text-muted' style='display:none'>".$charMsg."</small>";
+					$charMsg = e107::getParser()->lanVars(defset('LAN_X_CHARS_REMAINING', '[x] chars remaining'), "<span>" . $parms['maxlength'] . "</span>");
+					$parms['post'] = "<small" . $this->attributes([
+							'id'    => $this->name2id($key) . "-char-count",
+							'class' => 'text-muted',
+							'style' => 'display:none',
+						]) . ">" . $charMsg . "</small>";
 				}
 
 				$text .= vartrue($parms['pre']).$this->textarea($key, $value, vartrue($parms['rows'], 5), vartrue($parms['cols'], 40), vartrue($parms['__options'],$parms), varset($parms['counter'], false)).vartrue($parms['post']);
@@ -6844,17 +6966,25 @@ var_dump($select_options);*/
 		foreach($parms['optArray'] as $key=>$val)
 		{
 
-			$thumbnail    = e107::getParser()->toImage($val['thumbnail'],$parms);
-			$selected = ($key === $value) ? " checked='checked'" : '';
+			$thumbnail = e107::getParser()->toImage($val['thumbnail'], $parms);
 			$active = ($key === $value) ? ' active' : '';
 
-			$text .= "<div class='e-image-radio ".$class."' >
-							<label class='theme-selection".$active."' title=\"".varset($val['title'])."\"><input type='radio' name='".$name."' value='".$key."' required='required' $selected />
-							<div>".$thumbnail. "</div></label>
+			$text .= "<div class='e-image-radio " . $class . "' >
+							<label" . $this->attributes([
+					'class' => "theme-selection$active",
+					'title' => varset($val['title']),
+				]) . "><input" . $this->attributes([
+					'type'     => 'radio',
+					'name'     => $name,
+					'value'    => $key,
+					'required' => true,
+					'checked'  => $key === $value,
+				]) . " />
+							<div>" . $thumbnail . "</div></label>
 						";
 
-			$text .= isset($val['label']) ? "<div class='e-image-radio-label'>".$val['label']."</div>" : '';
-				$text .= "
+			$text .= isset($val['label']) ? "<div class='e-image-radio-label'>" . $val['label'] . "</div>" : '';
+			$text .= "
 			</div>";
 
 		}
@@ -6878,10 +7008,18 @@ var_dump($select_options);*/
 		{
 
 			$thumbnail    = e107::getParser()->toImage($val,$parms);
-			$selected = ($val == $value) ? ' checked' : '';
-				$text .= "
+			$text .= "
 									<div class='col-md-2 e-image-radio' >
-										<label class='theme-selection' title=\"".varset($parms['titles'][$key],$key)."\"><input type='radio' name='".$name."' value='{$val}' required='required' $selected />
+										<label" . $this->attributes([
+						'class' => 'theme-selection',
+						'title' => varset($parms['titles'][$key], $key),
+					]) . "><input" . $this->attributes([
+						'type'     => 'radio',
+						'name'     => $name,
+						'value'    => $val,
+						'required' => true,
+						'checked'  => ($val === $value),
+					]) . " />
 										<div>".$thumbnail. "</div>
 										</label>";
 
@@ -6928,6 +7066,7 @@ var_dump($select_options);*/
 	 * $tree_models['myplugin'] = new e_admin_tree_model($data);
 	 * </code>
 	 * TODO - move fieldset & table generation in separate methods, needed for ajax calls
+	 * @todo {@see htmlspecialchars()} at the template, not in the client code
 	 * @param array $form_options
 	 * @param e_admin_tree_model $tree_model
 	 * @param boolean $nocontainer don't enclose form in div container
@@ -7873,7 +8012,9 @@ var_dump($select_options);*/
 	}
 }
 
-// DEPRECATED - use above methods instead ($frm)
+/**
+ * @deprecated 2.0-beta1 Use {@see e_form} instead.
+ */
 class form 
 {
 	public function form_open($form_method, $form_action, $form_name = '', $form_target = '', $form_enctype = '', $form_js = '')
diff --git a/e107_tests/tests/unit/e_formTest.php b/e107_tests/tests/unit/e_formTest.php
index e7031f612..90cdd9469 100644
--- a/e107_tests/tests/unit/e_formTest.php
+++ b/e107_tests/tests/unit/e_formTest.php
@@ -314,12 +314,29 @@ class e_formTest extends \Codeception\Test\Unit
 			{
 
 			}
+	*/
 
-			public function testText()
-			{
+	public function testText()
+	{
+		$result = $this->_frm->renderElement('crazy"key', "crazy'value", ['type' => 'text']);
+		$this->assertEquals(
+			"<input type='text' name='crazy&quot;key' value='crazy&#039;value' maxlength='255' "
+			. " id='crazy&quot;key' class='tbox form-control' />",
+			$result
+		);
+	}
 
-			}
+	public function testTextBadNormalizationSource()
+	{
+		$result = $this->_frm->renderElement('crazy&quot;key', "crazy&#039;value", ['type' => 'text']);
+		$this->assertEquals(
+			"<input type='text' name='crazy&quot;key' value='crazy&#039;value' maxlength='255' "
+			. " id='crazy&quot;key' class='tbox form-control' />",
+			$result
+		);
+	}
 
+	/*
 			public function testNumber()
 			{
 
@@ -591,7 +608,7 @@ class e_formTest extends \Codeception\Test\Unit
 		$actual = $this->_frm->select('name', $opt_array, $selected,null,true);
 
 		$actual = str_replace("\n", "", $actual);
-		$expected = "<select name='name' id='name' class='tbox select form-control' tabindex='3'><option value=''>&nbsp;</option><option value='1'>Option 1</option><option value='2'>Option 2</option><option value='3' selected='selected'>Option 3</option></select>";
+		$expected = "<select name='name' id='name' class='tbox select form-control' tabindex='3'><option>&nbsp;</option><option value='1'>Option 1</option><option value='2'>Option 2</option><option value='3' selected='selected'>Option 3</option></select>";
 
 		$this->assertSame($expected,$actual);
 
@@ -799,7 +816,7 @@ class e_formTest extends \Codeception\Test\Unit
 					  1 => "<button data-loading-icon='fa-spinner' type='submit' name='form_update' value='1' id='form-update' class='btn update btn-custom btn-success' data-my-value='365'><span>1</span></button>",
 					  2 => "<button data-loading-icon='fa-spinner' type='submit' name='form_noaction' value='go' id='form-noaction' class='btn btn-default' data-my-value='365'><span>go</span></button>",
 					  3 => "<button data-loading-icon='fa-spinner' type='submit' name='form_checkall' value='1' id='form-checkall' class='btn checkall btn-default btn-mini btn-xs' data-my-value='365'><span>Check All</span></button>",
-					  4 => "<button  type='submit' name='form_submit' value='My Label' id='form-submit' class='btn btn-default'><span>My Label</span></button>",
+					  4 => "<button type='submit' name='form_submit' value='My Label' id='form-submit' class='btn btn-default'><span>My Label</span></button>",
 				);
 
 			//	$ret = [];
@@ -966,8 +983,8 @@ class e_formTest extends \Codeception\Test\Unit
 
 			'layout_001'    => 'default',
 			'layout_002'    => 'default',
-			'image_001'    => "<a href=\"".e_HTTP."e107_themes/bootstrap3/images/e107_adminlogo.png\" data-modal-caption=\"e107_adminlogo.png\" data-target=\"#uiModal\" class=\"e-modal e-image-preview\" title=\"e107_adminlogo.png\" rel=\"external\"><img class=\"thumbnail e-thumb\" src=\"".e_HTTP."thumb.php?src=e_THEME%2Fbootstrap3%2Fimages%2Fe107_adminlogo.png&amp;w=60&amp;h=0\" alt=\"e107_adminlogo.png\" srcset=\"".e_HTTP."thumb.php?src=e_THEME%2Fbootstrap3%2Fimages%2Fe107_adminlogo.png&amp;w=240&amp;h=0 4x\" width=\"60\"  /></a>",
-			'image_002'     => "<a href=\"".e_HTTP."e107_files/downloadimages/butterfly.jpg\" data-modal-caption=\"butterfly.jpg\" data-target=\"#uiModal\" class=\"e-modal e-image-preview\" title=\"butterfly.jpg\" rel=\"external\"><img class=\"thumbnail e-thumb\" src=\"".e_HTTP."e107_files/downloadimages/butterfly.jpg\" alt=\"butterfly.jpg\" width=\"60\"  /></a>",
+			'image_001'    => "<a href='".e_HTTP."e107_themes/bootstrap3/images/e107_adminlogo.png' data-modal-caption='e107_adminlogo.png' data-target='#uiModal' class='e-modal e-image-preview' title='e107_adminlogo.png' rel='external'><img class=\"thumbnail e-thumb\" src=\"".e_HTTP."thumb.php?src=e_THEME%2Fbootstrap3%2Fimages%2Fe107_adminlogo.png&amp;w=60&amp;h=0\" alt=\"e107_adminlogo.png\" srcset=\"".e_HTTP."thumb.php?src=e_THEME%2Fbootstrap3%2Fimages%2Fe107_adminlogo.png&amp;w=240&amp;h=0 4x\" width=\"60\"  /></a>",
+			'image_002'     => "<a href='".e_HTTP."e107_files/downloadimages/butterfly.jpg' data-modal-caption='butterfly.jpg' data-target='#uiModal' class='e-modal e-image-preview' title='butterfly.jpg' rel='external'><img class=\"thumbnail e-thumb\" src=\"".e_HTTP."e107_files/downloadimages/butterfly.jpg\" alt=\"butterfly.jpg\" width=\"60\"  /></a>",
 
 
 			'checkboxes_001'       => 'Check Opt 2, Check Opt 3',
@@ -1063,10 +1080,10 @@ class e_formTest extends \Codeception\Test\Unit
 		date_default_timezone_set('America/Phoenix');
 
 		$expected = array(
-			'text_001' => "<input type='text' name='text_001' value='some text' maxlength=255  id='text-001' class='tbox form-control input-xlarge' tabindex='1' />",
+			'text_001' => "<input type='text' name='text_001' value='some text' maxlength='255'  id='text-001' class='tbox form-control input-xlarge' tabindex='1' />",
 
-			'number_001' => "<input type='number' name='number_001'  min='0'  step='1' value='555'  id='number-001' class='tbox number e-spinner  input-small form-control' tabindex='2' pattern='^[0-9]*' />",
-			'number_002' => "<input type='number' name='number_002'  min='0'  step='1' value='444'  id='number-002' class='tbox number e-spinner  input-small form-control' tabindex='3' pattern='^[0-9]*' />",
+			'number_001' => "<input type='number' name='number_001' value='555' min='0' step='1'  id='number-001' class='tbox number e-spinner  input-small form-control' tabindex='2' pattern='^[0-9]*' />",
+			'number_002' => "<input type='number' name='number_002' value='444' min='0' step='1'  id='number-002' class='tbox number e-spinner  input-small form-control' tabindex='3' pattern='^[0-9]*' />",
 
 			'bool_001' => "<label class='radio-inline form-check-inline'><input class='form-check-input' type='radio' name='bool_001' value='1' checked='checked' /> <span>On</span></label> 	<label class='radio-inline form-check-inline'><input class='form-check-input' type='radio' name='bool_001' value='0' /> <span>Off</span></label>",
 			'bool_002' => "<label class='radio-inline form-check-inline'><input class='form-check-input' type='radio' name='bool_002' value='1' checked='checked' /> <span>On</span></label> 	<label class='radio-inline'><input type='radio' name='bool_002' value='0' /> <span>Off</span></label>",
@@ -1081,35 +1098,35 @@ class e_formTest extends \Codeception\Test\Unit
 			'layout_001'    => "<select name='layout_001' id='news_view' class='tbox select form-control' tabindex='6'><option value='default' selected='selected'>Default</option><option value='videos'>Videos (experimental)</option><option value='nav'>Nav</option></select>",
 			'layout_002'    => "<select name='layout_002' id='news_view' class='tbox select form-control' tabindex='7'><option value='default' selected='selected'>Default</option><option value='videos'>Videos (experimental)</option><option value='nav'>Nav</option></select>",
 
-			'image_001'     => "<a href=\"".e_HTTP."e107_themes/bootstrap3/images/e107_adminlogo.png\" data-modal-caption=\"e107_adminlogo.png\" data-target=\"#uiModal\" class=\"e-modal e-image-preview\" title=\"e107_adminlogo.png\" rel=\"external\"><img class=\"thumbnail e-thumb\" src=\"".e_HTTP."thumb.php?src=e_THEME%2Fbootstrap3%2Fimages%2Fe107_adminlogo.png&amp;w=60&amp;h=0\" alt=\"e107_adminlogo.png\" srcset=\"".e_HTTP."thumb.php?src=e_THEME%2Fbootstrap3%2Fimages%2Fe107_adminlogo.png&amp;w=240&amp;h=0 4x\" width=\"60\"  /></a><input type='hidden' name='image_001' value='{e_THEME}bootstrap3/images/e107_adminlogo.png' id='image-001-e-THEME-bootstrap3-images-e107-adminlogo-png' />",
-			'image_002'     => "<a href=\"".e_HTTP."e107_files/downloadimages/butterfly.jpg\" data-modal-caption=\"butterfly.jpg\" data-target=\"#uiModal\" class=\"e-modal e-image-preview\" title=\"butterfly.jpg\" rel=\"external\"><img class=\"thumbnail e-thumb\" src=\"".e_HTTP."e107_files/downloadimages/butterfly.jpg\" alt=\"butterfly.jpg\" width=\"60\"  /></a><input type='hidden' name='image_002' value='butterfly.jpg' id='image-002-butterfly-jpg' />",
+			'image_001'     => "<a href='".e_HTTP."e107_themes/bootstrap3/images/e107_adminlogo.png' data-modal-caption='e107_adminlogo.png' data-target='#uiModal' class='e-modal e-image-preview' title='e107_adminlogo.png' rel='external'><img class=\"thumbnail e-thumb\" src=\"".e_HTTP."thumb.php?src=e_THEME%2Fbootstrap3%2Fimages%2Fe107_adminlogo.png&amp;w=60&amp;h=0\" alt=\"e107_adminlogo.png\" srcset=\"".e_HTTP."thumb.php?src=e_THEME%2Fbootstrap3%2Fimages%2Fe107_adminlogo.png&amp;w=240&amp;h=0 4x\" width=\"60\"  /></a><input type='hidden' name='image_001' value='{e_THEME}bootstrap3/images/e107_adminlogo.png' id='image-001-e-THEME-bootstrap3-images-e107-adminlogo-png' />",
+			'image_002'     => "<a href='".e_HTTP."e107_files/downloadimages/butterfly.jpg' data-modal-caption='butterfly.jpg' data-target='#uiModal' class='e-modal e-image-preview' title='butterfly.jpg' rel='external'><img class=\"thumbnail e-thumb\" src=\"".e_HTTP."e107_files/downloadimages/butterfly.jpg\" alt=\"butterfly.jpg\" width=\"60\"  /></a><input type='hidden' name='image_002' value='butterfly.jpg' id='image-002-butterfly-jpg' />",
 
 			'checkboxes_001'       => "<div id='checkboxes-001-container' class='checkboxes checkbox' style='display:inline-block'><label class='checkbox form-check'><input type='checkbox' name='checkboxes_001[1]' value='1' id='checkboxes-001-1-1' class='form-check-input' checked='checked' tabindex='8' /><span>Check Opt 1</span></label><label class='checkbox form-check'><input type='checkbox' name='checkboxes_001[2]' value='1' id='checkboxes-001-2-1' class='form-check-input' tabindex='9' /><span>Check Opt 2</span></label><label class='checkbox form-check'><input type='checkbox' name='checkboxes_001[3]' value='1' id='checkboxes-001-3-1' class='form-check-input' tabindex='10' /><span>Check Opt 3</span></label><label class='checkbox form-check'><input type='checkbox' name='checkboxes_001[4]' value='1' id='checkboxes-001-4-1' class='form-check-input' tabindex='11' /><span><img src=\"images/foo.jpg\" /></span></label></div>",
-			'country_001'       => "<select name='country_001' id='country-001' class='tbox select form-control' tabindex='12'><option value=''> </option><option value='af'>Afghanistan</option><option value='al'>Albania</option><option value='dz'>Algeria</option><option value='as'>American Samoa</option><option value='ad'>Andorra</option><option value='ao'>Angola</option><option value='ai'>Anguilla</option><option value='aq'>Antarctica</option><option value='ag'>Antigua and Barbuda</option><option value='ar'>Argentina</option><option value='am'>Armenia</option><option value='aw'>Aruba</option><option value='au' selected='selected'>Australia</option><option value='at'>Austria</option><option value='az'>Azerbaijan</option><option value='bs'>Bahamas</option><option value='bh'>Bahrain</option><option value='bd'>Bangladesh</option><option value='bb'>Barbados</option><option value='by'>Belarus</option><option value='be'>Belgium</option><option value='bz'>Belize</option><option value='bj'>Benin</option><option value='bm'>Bermuda</option><option value='bt'>Bhutan</option><option value='bo'>Bolivia</option><option value='ba'>Bosnia-Herzegovina</option><option value='bw'>Botswana</option><option value='bv'>Bouvet Island</option><option value='br'>Brazil</option><option value='io'>British Indian Ocean Territory</option><option value='bn'>Brunei Darussalam</option><option value='bg'>Bulgaria</option><option value='bf'>Burkina Faso</option><option value='bi'>Burundi</option><option value='kh'>Cambodia</option><option value='cm'>Cameroon</option><option value='ca'>Canada</option><option value='cv'>Cape Verde</option><option value='ky'>Cayman Islands</option><option value='cf'>Central African Republic</option><option value='td'>Chad</option><option value='cl'>Chile</option><option value='cn'>China</option><option value='cx'>Christmas Island</option><option value='cc'>Cocos (Keeling) Islands</option><option value='co'>Colombia</option><option value='km'>Comoros</option><option value='cg'>Congo</option><option value='cd'>Congo (Dem.Rep)</option><option value='ck'>Cook Islands</option><option value='cr'>Costa Rica</option><option value='hr'>Croatia</option><option value='cu'>Cuba</option><option value='cy'>Cyprus</option><option value='cz'>Czech Republic</option><option value='dk'>Denmark</option><option value='dj'>Djibouti</option><option value='dm'>Dominica</option><option value='do'>Dominican Republic</option><option value='tp'>East Timor</option><option value='ec'>Ecuador</option><option value='eg'>Egypt</option><option value='sv'>El Salvador</option><option value='gq'>Equatorial Guinea</option><option value='er'>Eritrea</option><option value='ee'>Estonia</option><option value='et'>Ethiopia</option><option value='fk'>Falkland Islands</option><option value='fo'>Faroe Islands</option><option value='fj'>Fiji</option><option value='fi'>Finland</option><option value='fr'>France</option><option value='gf'>French Guyana</option><option value='tf'>French Southern Territories</option><option value='ga'>Gabon</option><option value='gm'>Gambia</option><option value='ge'>Georgia</option><option value='de'>Germany</option><option value='gh'>Ghana</option><option value='gi'>Gibraltar</option><option value='gr'>Greece</option><option value='gl'>Greenland</option><option value='gd'>Grenada</option><option value='gp'>Guadeloupe (French)</option><option value='gu'>Guam (USA)</option><option value='gt'>Guatemala</option><option value='gn'>Guinea</option><option value='gw'>Guinea Bissau</option><option value='gy'>Guyana</option><option value='ht'>Haiti</option><option value='hm'>Heard and McDonald Islands</option><option value='hn'>Honduras</option><option value='hk'>Hong Kong</option><option value='hu'>Hungary</option><option value='is'>Iceland</option><option value='in'>India</option><option value='id'>Indonesia</option><option value='ir'>Iran</option><option value='iq'>Iraq</option><option value='ie'>Ireland</option><option value='il'>Israel</option><option value='it'>Italy</option><option value='ci'>Ivory Coast (Cote D'Ivoire)</option><option value='jm'>Jamaica</option><option value='jp'>Japan</option><option value='jo'>Jordan</option><option value='kz'>Kazakhstan</option><option value='ke'>Kenya</option><option value='ki'>Kiribati</option><option value='kp'>Korea (North)</option><option value='kr'>Korea (South)</option><option value='kw'>Kuwait</option><option value='kg'>Kyrgyzstan</option><option value='la'>Laos</option><option value='lv'>Latvia</option><option value='lb'>Lebanon</option><option value='ls'>Lesotho</option><option value='lr'>Liberia</option><option value='ly'>Libya</option><option value='li'>Liechtenstein</option><option value='lt'>Lithuania</option><option value='lu'>Luxembourg</option><option value='mo'>Macau</option><option value='mk'>Macedonia</option><option value='mg'>Madagascar</option><option value='mw'>Malawi</option><option value='my'>Malaysia</option><option value='mv'>Maldives</option><option value='ml'>Mali</option><option value='mt'>Malta</option><option value='mh'>Marshall Islands</option><option value='mq'>Martinique (French)</option><option value='mr'>Mauritania</option><option value='mu'>Mauritius</option><option value='yt'>Mayotte</option><option value='mx'>Mexico</option><option value='fm'>Micronesia</option><option value='md'>Moldavia</option><option value='mc'>Monaco</option><option value='mn'>Mongolia</option><option value='me'>Montenegro</option><option value='ms'>Montserrat</option><option value='ma'>Morocco</option><option value='mz'>Mozambique</option><option value='mm'>Myanmar</option><option value='na'>Namibia</option><option value='nr'>Nauru</option><option value='np'>Nepal</option><option value='nl'>Netherlands</option><option value='an'>Netherlands Antilles</option><option value='nc'>New Caledonia (French)</option><option value='nz'>New Zealand</option><option value='ni'>Nicaragua</option><option value='ne'>Niger</option><option value='ng'>Nigeria</option><option value='nu'>Niue</option><option value='nf'>Norfolk Island</option><option value='mp'>Northern Mariana Islands</option><option value='no'>Norway</option><option value='om'>Oman</option><option value='pk'>Pakistan</option><option value='pw'>Palau</option><option value='pa'>Panama</option><option value='pg'>Papua New Guinea</option><option value='py'>Paraguay</option><option value='pe'>Peru</option><option value='ph'>Philippines</option><option value='pn'>Pitcairn Island</option><option value='pl'>Poland</option><option value='pf'>Polynesia (French)</option><option value='pt'>Portugal</option><option value='pr'>Puerto Rico</option><option value='ps'>Palestine</option><option value='qa'>Qatar</option><option value='re'>Reunion (French)</option><option value='ro'>Romania</option><option value='ru'>Russia</option><option value='rw'>Rwanda</option><option value='gs'>S. Georgia &amp; S. Sandwich Isls.</option><option value='sh'>Saint Helena</option><option value='kn'>Saint Kitts &amp; Nevis</option><option value='lc'>Saint Lucia</option><option value='pm'>Saint Pierre and Miquelon</option><option value='st'>Saint Tome (Sao Tome) and Principe</option><option value='vc'>Saint Vincent &amp; Grenadines</option><option value='ws'>Samoa</option><option value='sm'>San Marino</option><option value='sa'>Saudi Arabia</option><option value='sn'>Senegal</option><option value='rs'>Serbia</option><option value='sc'>Seychelles</option><option value='sl'>Sierra Leone</option><option value='sg'>Singapore</option><option value='sk'>Slovak Republic</option><option value='si'>Slovenia</option><option value='sb'>Solomon Islands</option><option value='so'>Somalia</option><option value='za'>South Africa</option><option value='es'>Spain</option><option value='lk'>Sri Lanka</option><option value='sd'>Sudan</option><option value='sr'>Suriname</option><option value='sj'>Svalbard and Jan Mayen Islands</option><option value='sz'>Swaziland</option><option value='se'>Sweden</option><option value='ch'>Switzerland</option><option value='sy'>Syria</option><option value='tj'>Tadjikistan</option><option value='tw'>Taiwan</option><option value='tz'>Tanzania</option><option value='th'>Thailand</option><option value='ti'>Tibet</option><option value='tg'>Togo</option><option value='tk'>Tokelau</option><option value='to'>Tonga</option><option value='tt'>Trinidad and Tobago</option><option value='tn'>Tunisia</option><option value='tr'>Turkey</option><option value='tm'>Turkmenistan</option><option value='tc'>Turks and Caicos Islands</option><option value='tv'>Tuvalu</option><option value='ug'>Uganda</option><option value='ua'>Ukraine</option><option value='ae'>United Arab Emirates</option><option value='gb'>United Kingdom</option><option value='us'>United States</option><option value='uy'>Uruguay</option><option value='um'>US Minor Outlying Islands</option><option value='uz'>Uzbekistan</option><option value='vu'>Vanuatu</option><option value='va'>Vatican City State</option><option value='ve'>Venezuela</option><option value='vn'>Vietnam</option><option value='vg'>Virgin Islands (British)</option><option value='vi'>Virgin Islands (USA)</option><option value='wf'>Wallis and Futuna Islands</option><option value='eh'>Western Sahara</option><option value='ye'>Yemen</option><option value='zm'>Zambia</option><option value='zw'>Zimbabwe</option></select>",
-			'ip_001'            =>  "<input type='text' name='ip_001' value='::1' maxlength=32  id='ip-001' class='tbox form-control' tabindex='14' />",
+			'country_001'       => "<select name='country_001' id='country-001' class='tbox select form-control' tabindex='12'><option> </option><option value='af'>Afghanistan</option><option value='al'>Albania</option><option value='dz'>Algeria</option><option value='as'>American Samoa</option><option value='ad'>Andorra</option><option value='ao'>Angola</option><option value='ai'>Anguilla</option><option value='aq'>Antarctica</option><option value='ag'>Antigua and Barbuda</option><option value='ar'>Argentina</option><option value='am'>Armenia</option><option value='aw'>Aruba</option><option value='au' selected='selected'>Australia</option><option value='at'>Austria</option><option value='az'>Azerbaijan</option><option value='bs'>Bahamas</option><option value='bh'>Bahrain</option><option value='bd'>Bangladesh</option><option value='bb'>Barbados</option><option value='by'>Belarus</option><option value='be'>Belgium</option><option value='bz'>Belize</option><option value='bj'>Benin</option><option value='bm'>Bermuda</option><option value='bt'>Bhutan</option><option value='bo'>Bolivia</option><option value='ba'>Bosnia-Herzegovina</option><option value='bw'>Botswana</option><option value='bv'>Bouvet Island</option><option value='br'>Brazil</option><option value='io'>British Indian Ocean Territory</option><option value='bn'>Brunei Darussalam</option><option value='bg'>Bulgaria</option><option value='bf'>Burkina Faso</option><option value='bi'>Burundi</option><option value='kh'>Cambodia</option><option value='cm'>Cameroon</option><option value='ca'>Canada</option><option value='cv'>Cape Verde</option><option value='ky'>Cayman Islands</option><option value='cf'>Central African Republic</option><option value='td'>Chad</option><option value='cl'>Chile</option><option value='cn'>China</option><option value='cx'>Christmas Island</option><option value='cc'>Cocos (Keeling) Islands</option><option value='co'>Colombia</option><option value='km'>Comoros</option><option value='cg'>Congo</option><option value='cd'>Congo (Dem.Rep)</option><option value='ck'>Cook Islands</option><option value='cr'>Costa Rica</option><option value='hr'>Croatia</option><option value='cu'>Cuba</option><option value='cy'>Cyprus</option><option value='cz'>Czech Republic</option><option value='dk'>Denmark</option><option value='dj'>Djibouti</option><option value='dm'>Dominica</option><option value='do'>Dominican Republic</option><option value='tp'>East Timor</option><option value='ec'>Ecuador</option><option value='eg'>Egypt</option><option value='sv'>El Salvador</option><option value='gq'>Equatorial Guinea</option><option value='er'>Eritrea</option><option value='ee'>Estonia</option><option value='et'>Ethiopia</option><option value='fk'>Falkland Islands</option><option value='fo'>Faroe Islands</option><option value='fj'>Fiji</option><option value='fi'>Finland</option><option value='fr'>France</option><option value='gf'>French Guyana</option><option value='tf'>French Southern Territories</option><option value='ga'>Gabon</option><option value='gm'>Gambia</option><option value='ge'>Georgia</option><option value='de'>Germany</option><option value='gh'>Ghana</option><option value='gi'>Gibraltar</option><option value='gr'>Greece</option><option value='gl'>Greenland</option><option value='gd'>Grenada</option><option value='gp'>Guadeloupe (French)</option><option value='gu'>Guam (USA)</option><option value='gt'>Guatemala</option><option value='gn'>Guinea</option><option value='gw'>Guinea Bissau</option><option value='gy'>Guyana</option><option value='ht'>Haiti</option><option value='hm'>Heard and McDonald Islands</option><option value='hn'>Honduras</option><option value='hk'>Hong Kong</option><option value='hu'>Hungary</option><option value='is'>Iceland</option><option value='in'>India</option><option value='id'>Indonesia</option><option value='ir'>Iran</option><option value='iq'>Iraq</option><option value='ie'>Ireland</option><option value='il'>Israel</option><option value='it'>Italy</option><option value='ci'>Ivory Coast (Cote D'Ivoire)</option><option value='jm'>Jamaica</option><option value='jp'>Japan</option><option value='jo'>Jordan</option><option value='kz'>Kazakhstan</option><option value='ke'>Kenya</option><option value='ki'>Kiribati</option><option value='kp'>Korea (North)</option><option value='kr'>Korea (South)</option><option value='kw'>Kuwait</option><option value='kg'>Kyrgyzstan</option><option value='la'>Laos</option><option value='lv'>Latvia</option><option value='lb'>Lebanon</option><option value='ls'>Lesotho</option><option value='lr'>Liberia</option><option value='ly'>Libya</option><option value='li'>Liechtenstein</option><option value='lt'>Lithuania</option><option value='lu'>Luxembourg</option><option value='mo'>Macau</option><option value='mk'>Macedonia</option><option value='mg'>Madagascar</option><option value='mw'>Malawi</option><option value='my'>Malaysia</option><option value='mv'>Maldives</option><option value='ml'>Mali</option><option value='mt'>Malta</option><option value='mh'>Marshall Islands</option><option value='mq'>Martinique (French)</option><option value='mr'>Mauritania</option><option value='mu'>Mauritius</option><option value='yt'>Mayotte</option><option value='mx'>Mexico</option><option value='fm'>Micronesia</option><option value='md'>Moldavia</option><option value='mc'>Monaco</option><option value='mn'>Mongolia</option><option value='me'>Montenegro</option><option value='ms'>Montserrat</option><option value='ma'>Morocco</option><option value='mz'>Mozambique</option><option value='mm'>Myanmar</option><option value='na'>Namibia</option><option value='nr'>Nauru</option><option value='np'>Nepal</option><option value='nl'>Netherlands</option><option value='an'>Netherlands Antilles</option><option value='nc'>New Caledonia (French)</option><option value='nz'>New Zealand</option><option value='ni'>Nicaragua</option><option value='ne'>Niger</option><option value='ng'>Nigeria</option><option value='nu'>Niue</option><option value='nf'>Norfolk Island</option><option value='mp'>Northern Mariana Islands</option><option value='no'>Norway</option><option value='om'>Oman</option><option value='pk'>Pakistan</option><option value='pw'>Palau</option><option value='pa'>Panama</option><option value='pg'>Papua New Guinea</option><option value='py'>Paraguay</option><option value='pe'>Peru</option><option value='ph'>Philippines</option><option value='pn'>Pitcairn Island</option><option value='pl'>Poland</option><option value='pf'>Polynesia (French)</option><option value='pt'>Portugal</option><option value='pr'>Puerto Rico</option><option value='ps'>Palestine</option><option value='qa'>Qatar</option><option value='re'>Reunion (French)</option><option value='ro'>Romania</option><option value='ru'>Russia</option><option value='rw'>Rwanda</option><option value='gs'>S. Georgia &amp; S. Sandwich Isls.</option><option value='sh'>Saint Helena</option><option value='kn'>Saint Kitts &amp; Nevis</option><option value='lc'>Saint Lucia</option><option value='pm'>Saint Pierre and Miquelon</option><option value='st'>Saint Tome (Sao Tome) and Principe</option><option value='vc'>Saint Vincent &amp; Grenadines</option><option value='ws'>Samoa</option><option value='sm'>San Marino</option><option value='sa'>Saudi Arabia</option><option value='sn'>Senegal</option><option value='rs'>Serbia</option><option value='sc'>Seychelles</option><option value='sl'>Sierra Leone</option><option value='sg'>Singapore</option><option value='sk'>Slovak Republic</option><option value='si'>Slovenia</option><option value='sb'>Solomon Islands</option><option value='so'>Somalia</option><option value='za'>South Africa</option><option value='es'>Spain</option><option value='lk'>Sri Lanka</option><option value='sd'>Sudan</option><option value='sr'>Suriname</option><option value='sj'>Svalbard and Jan Mayen Islands</option><option value='sz'>Swaziland</option><option value='se'>Sweden</option><option value='ch'>Switzerland</option><option value='sy'>Syria</option><option value='tj'>Tadjikistan</option><option value='tw'>Taiwan</option><option value='tz'>Tanzania</option><option value='th'>Thailand</option><option value='ti'>Tibet</option><option value='tg'>Togo</option><option value='tk'>Tokelau</option><option value='to'>Tonga</option><option value='tt'>Trinidad and Tobago</option><option value='tn'>Tunisia</option><option value='tr'>Turkey</option><option value='tm'>Turkmenistan</option><option value='tc'>Turks and Caicos Islands</option><option value='tv'>Tuvalu</option><option value='ug'>Uganda</option><option value='ua'>Ukraine</option><option value='ae'>United Arab Emirates</option><option value='gb'>United Kingdom</option><option value='us'>United States</option><option value='uy'>Uruguay</option><option value='um'>US Minor Outlying Islands</option><option value='uz'>Uzbekistan</option><option value='vu'>Vanuatu</option><option value='va'>Vatican City State</option><option value='ve'>Venezuela</option><option value='vn'>Vietnam</option><option value='vg'>Virgin Islands (British)</option><option value='vi'>Virgin Islands (USA)</option><option value='wf'>Wallis and Futuna Islands</option><option value='eh'>Western Sahara</option><option value='ye'>Yemen</option><option value='zm'>Zambia</option><option value='zw'>Zimbabwe</option></select>",
+			'ip_001'            =>  "<input type='text' name='ip_001' value='::1' maxlength='32'  id='ip-001' class='tbox form-control' tabindex='14' />",
 			'templates_001'     => "<select name='templates_001' id='templates-001' class='tbox select form-control' tabindex='15'><option value='bbcode'>Bbcode</option><option value='forum_icons'>Forum Icons</option><option value='forum_poll'>Forum Poll</option><option value='forum_post'>Forum Post</option><option value='forum_posted'>Forum Posted</option><option value='forum_preview'>Forum Preview</option><option value='forum'>Forum</option><option value='forum_viewforum'>Forum Viewforum</option><option value='forum_viewtopic'>Forum Viewtopic</option><option value='newforumposts_menu'>Newforumposts Menu</option></select>",
 			'radio_001'         => "<label class='radio-inline form-check-inline'><input class='form-check-input' type='radio' name='radio_001' value='1' /> <span>Radio Opt 1</span></label> <label class='radio-inline form-check-inline'><input class='form-check-input' type='radio' name='radio_001' value='2' checked='checked' /> <span>Radio Opt 2</span></label> <label class='radio-inline form-check-inline'><input class='form-check-input' type='radio' name='radio_001' value='3' /> <span>Radio Opt 3</span></label>",
 
 			//todo check tags_001 is correct.
-			'tags_001'          => "<input type='text' name='tags_001' value='keyword1,keyword2,keyword3' maxlength=255  id='tags-001' tabindex='16' />",
+			'tags_001'          => "<input type='text' name='tags_001' value='keyword1,keyword2,keyword3' maxlength='255'  id='tags-001' tabindex='16' />",
 
 			//	'bbarea_001'        => '<!-- bbcode-html-start --><b>bold</b><!-- bbcode-html-end -->',
 			//		'icon_001'          => "<span class='icon-preview'><img class='icon' src='".e_HTTP."e107_images/e107_icon_32.png' alt='e107_icon_32.png'  /></span>",
 
 			'file_001'          => "<input type='hidden' name='file_001' id='file-001' value='{e_MEDIA_FILE}test.zip' style='width:400px' /><a title='Media Manager : _common_file' class='e-modal' data-modal-submit='true' data-modal-caption='Media Manager' data-cache='false' data-target='#uiModal' href='/e107_admin/image.php?mode=main&amp;action=dialog&amp;for=_common_file&amp;tagid=file-001&amp;iframe=1'><span id='file-001_prev' class='btn btn-default btn-secondary btn-small'>{e_MEDIA_FILE}test.zip</span></a>",
-			'files_001'         => "<ol><li><input type='hidden' name='files_001[0][path]' id='files-001-0-path' value='{e_MEDIA_FILE}test.zip'  /><input type='hidden' name='files_001[0][name]' id='files-001-0-name' value='test.zip'  /><input type='hidden' name='files_001[0][id]' id='files-001-0-id' value='171'  /><a title='Media Manager : _common_file' class='e-modal' data-modal-submit='true' data-modal-caption='Media Manager' data-cache='false' data-target='#uiModal' href='/e107_admin/image.php?mode=main&amp;action=dialog&amp;for=_common_file&amp;tagid=files-001-0&amp;iframe=1'><span id='files-001-0_prev' class='btn btn-default btn-secondary btn-small'>{e_MEDIA_FILE}test.zip</span></a></li><li><input type='hidden' name='files_001[1][path]' id='files-001-1-path' value=''  /><input type='hidden' name='files_001[1][name]' id='files-001-1-name' value=''  /><input type='hidden' name='files_001[1][id]' id='files-001-1-id' value=''  /><a title='Media Manager : _common_file' class='e-modal' data-modal-submit='true' data-modal-caption='Media Manager' data-cache='false' data-target='#uiModal' href='/e107_admin/image.php?mode=main&amp;action=dialog&amp;for=_common_file&amp;tagid=files-001-1&amp;iframe=1'><span id='files-001-1_prev' class='btn btn-default btn-secondary btn-small'>Choose a file</span></a></li><li><input type='hidden' name='files_001[2][path]' id='files-001-2-path' value=''  /><input type='hidden' name='files_001[2][name]' id='files-001-2-name' value=''  /><input type='hidden' name='files_001[2][id]' id='files-001-2-id' value=''  /><a title='Media Manager : _common_file' class='e-modal' data-modal-submit='true' data-modal-caption='Media Manager' data-cache='false' data-target='#uiModal' href='/e107_admin/image.php?mode=main&amp;action=dialog&amp;for=_common_file&amp;tagid=files-001-2&amp;iframe=1'><span id='files-001-2_prev' class='btn btn-default btn-secondary btn-small'>Choose a file</span></a></li><li><input type='hidden' name='files_001[3][path]' id='files-001-3-path' value=''  /><input type='hidden' name='files_001[3][name]' id='files-001-3-name' value=''  /><input type='hidden' name='files_001[3][id]' id='files-001-3-id' value=''  /><a title='Media Manager : _common_file' class='e-modal' data-modal-submit='true' data-modal-caption='Media Manager' data-cache='false' data-target='#uiModal' href='/e107_admin/image.php?mode=main&amp;action=dialog&amp;for=_common_file&amp;tagid=files-001-3&amp;iframe=1'><span id='files-001-3_prev' class='btn btn-default btn-secondary btn-small'>Choose a file</span></a></li><li><input type='hidden' name='files_001[4][path]' id='files-001-4-path' value=''  /><input type='hidden' name='files_001[4][name]' id='files-001-4-name' value=''  /><input type='hidden' name='files_001[4][id]' id='files-001-4-id' value=''  /><a title='Media Manager : _common_file' class='e-modal' data-modal-submit='true' data-modal-caption='Media Manager' data-cache='false' data-target='#uiModal' href='/e107_admin/image.php?mode=main&amp;action=dialog&amp;for=_common_file&amp;tagid=files-001-4&amp;iframe=1'><span id='files-001-4_prev' class='btn btn-default btn-secondary btn-small'>Choose a file</span></a></li></ol>",
+			'files_001'         => "<ol><li><input type='hidden' name='files_001[0][path]' id='files-001-0-path' value='{e_MEDIA_FILE}test.zip'  /><input type='hidden' name='files_001[0][name]' id='files-001-0-name' value='test.zip'  /><input type='hidden' name='files_001[0][id]' id='files-001-0-id' value='171'  /><a title='Media Manager : _common_file' class='e-modal' data-modal-submit='true' data-modal-caption='Media Manager' data-cache='false' data-target='#uiModal' href='/e107_admin/image.php?mode=main&amp;action=dialog&amp;for=_common_file&amp;tagid=files-001-0&amp;iframe=1'><span id='files-001-0_prev' class='btn btn-default btn-secondary btn-small'>{e_MEDIA_FILE}test.zip</span></a></li><li><input type='hidden' name='files_001[1][path]' id='files-001-1-path'  /><input type='hidden' name='files_001[1][name]' id='files-001-1-name'  /><input type='hidden' name='files_001[1][id]' id='files-001-1-id'  /><a title='Media Manager : _common_file' class='e-modal' data-modal-submit='true' data-modal-caption='Media Manager' data-cache='false' data-target='#uiModal' href='/e107_admin/image.php?mode=main&amp;action=dialog&amp;for=_common_file&amp;tagid=files-001-1&amp;iframe=1'><span id='files-001-1_prev' class='btn btn-default btn-secondary btn-small'>Choose a file</span></a></li><li><input type='hidden' name='files_001[2][path]' id='files-001-2-path'  /><input type='hidden' name='files_001[2][name]' id='files-001-2-name'  /><input type='hidden' name='files_001[2][id]' id='files-001-2-id'  /><a title='Media Manager : _common_file' class='e-modal' data-modal-submit='true' data-modal-caption='Media Manager' data-cache='false' data-target='#uiModal' href='/e107_admin/image.php?mode=main&amp;action=dialog&amp;for=_common_file&amp;tagid=files-001-2&amp;iframe=1'><span id='files-001-2_prev' class='btn btn-default btn-secondary btn-small'>Choose a file</span></a></li><li><input type='hidden' name='files_001[3][path]' id='files-001-3-path'  /><input type='hidden' name='files_001[3][name]' id='files-001-3-name'  /><input type='hidden' name='files_001[3][id]' id='files-001-3-id'  /><a title='Media Manager : _common_file' class='e-modal' data-modal-submit='true' data-modal-caption='Media Manager' data-cache='false' data-target='#uiModal' href='/e107_admin/image.php?mode=main&amp;action=dialog&amp;for=_common_file&amp;tagid=files-001-3&amp;iframe=1'><span id='files-001-3_prev' class='btn btn-default btn-secondary btn-small'>Choose a file</span></a></li><li><input type='hidden' name='files_001[4][path]' id='files-001-4-path'  /><input type='hidden' name='files_001[4][name]' id='files-001-4-name'  /><input type='hidden' name='files_001[4][id]' id='files-001-4-id'  /><a title='Media Manager : _common_file' class='e-modal' data-modal-submit='true' data-modal-caption='Media Manager' data-cache='false' data-target='#uiModal' href='/e107_admin/image.php?mode=main&amp;action=dialog&amp;for=_common_file&amp;tagid=files-001-4&amp;iframe=1'><span id='files-001-4_prev' class='btn btn-default btn-secondary btn-small'>Choose a file</span></a></li></ol>",
 			'datestamp_001'     => "<input class='tbox e-date input-xlarge form-control' type='text' size='40' id='e-datepicker-datestamp-001' value='Monday, 01 Feb, 2016' data-date-unix ='true' data-date-format='DD, dd M, yyyy' data-date-ampm='false' data-date-language='en' data-date-firstday='0'     /><input type='hidden' name='datestamp_001' id='datestamp-001' value='1454367600' />",
 			'date_001'          => "<input class='tbox e-date input-xlarge form-control' type='text' size='40' id='e-datepicker-date-001' value='Thursday, 23 Aug, 2018' data-date-unix ='true' data-date-format='DD, dd M, yyyy' data-date-ampm='false' data-date-language='en' data-date-firstday='0'     /><input type='hidden' name='date_001' id='date-001' value='1535007600' />",
 			'userclass_001'     => "<select name='userclass_001' id='userclass-001' class='tbox select form-control' tabindex='18'><option value='0' selected='selected'>Everyone (public)</option><option value='254'>&nbsp;&nbsp;Admin</option><option value='249'>&nbsp;&nbsp;Admins and Mods</option><option value='2'>&nbsp;&nbsp;CONTACT PEOPLE</option><option value='248'>&nbsp;&nbsp;Forum Moderators</option><option value='252'>&nbsp;&nbsp;Guests</option><option value='250'>&nbsp;&nbsp;Main Admin</option><option value='253'>&nbsp;&nbsp;Members</option><option value='1'>&nbsp;&nbsp;PRIVATEMENU</option><option value='255'>No One (inactive)</option><option value='3'>&nbsp;&nbsp;NEWSLETTER</option><optgroup label='Everyone but..'><option value='-254'>&nbsp;&nbsp;Not Admin</option><option value='-249'>&nbsp;&nbsp;Not Admins and Mods</option><option value='-2'>&nbsp;&nbsp;Not CONTACT PEOPLE</option><option value='-248'>&nbsp;&nbsp;Not Forum Moderators</option><option value='-252'>&nbsp;&nbsp;Not Guests</option><option value='-250'>&nbsp;&nbsp;Not Main Admin</option><option value='-253'>&nbsp;&nbsp;Not Members</option><option value='-1'>&nbsp;&nbsp;Not PRIVATEMENU</option><option value='-3'>&nbsp;&nbsp;Not NEWSLETTER</option></optgroup></select>",
 			'userclasses_001'   => "<select name='userclasses_001[]' id='userclasses-001' class='tbox select form-control' tabindex='19' multiple='multiple'><option value='0'>Everyone (public)</option><option value='254'>&nbsp;&nbsp;Admin</option><option value='249'>&nbsp;&nbsp;Admins and Mods</option><option value='2'>&nbsp;&nbsp;CONTACT PEOPLE</option><option value='248'>&nbsp;&nbsp;Forum Moderators</option><option value='252'>&nbsp;&nbsp;Guests</option><option value='250'>&nbsp;&nbsp;Main Admin</option><option value='253'>&nbsp;&nbsp;Members</option><option value='1' selected='selected'>&nbsp;&nbsp;PRIVATEMENU</option><option value='255'>No One (inactive)</option><option value='3'>&nbsp;&nbsp;NEWSLETTER</option><optgroup label='Everyone but..'><option value='-254'>&nbsp;&nbsp;Not Admin</option><option value='-249'>&nbsp;&nbsp;Not Admins and Mods</option><option value='-2'>&nbsp;&nbsp;Not CONTACT PEOPLE</option><option value='-248'>&nbsp;&nbsp;Not Forum Moderators</option><option value='-252'>&nbsp;&nbsp;Not Guests</option><option value='-250'>&nbsp;&nbsp;Not Main Admin</option><option value='-253'>&nbsp;&nbsp;Not Members</option><option value='-1'>&nbsp;&nbsp;Not PRIVATEMENU</option><option value='-3'>&nbsp;&nbsp;Not NEWSLETTER</option></optgroup></select>",
 			//todo check user_001 is correct
-			'user_001'          => "<input type='text' name='user_001' value='1' maxlength=100  id='user-001' tabindex='20' />",
-			'url_001'           => "<input type='text' name='url_001' value='https://e107.org' maxlength=255  id='url-001' class='tbox form-control' tabindex='21' pattern='^\S*$' />",
-			'email_001'         => "<input type='email' name='email_001' value='me@email.com' maxlength=255  id='email-001' class='tbox form-control' tabindex='22' />",
+			'user_001'          => "<input type='text' name='user_001' value='1' maxlength='100'  id='user-001' tabindex='20' />",
+			'url_001'           => "<input type='text' name='url_001' value='https://e107.org' maxlength='255'  id='url-001' class='tbox form-control' tabindex='21' pattern='^\S*$' />",
+			'email_001'         => "<input type='email' name='email_001' value='me@email.com' maxlength='255'  id='email-001' class='tbox form-control' tabindex='22' />",
 			'hidden_001'        => "<input type='hidden' name='hidden_001' value='hidden-value' id='hidden-001-hidden-value' />",
 			//	'method_001'        => 'custom-value',
 			'language_001'      => "<select name='language_001' id='language-001' class='tbox select form-control' tabindex='23'><option value='aa'>Afar</option><option value='ab'>Abkhazian</option><option value='af'>Afrikaans</option><option value='am'>Amharic</option><option value='ar'>Arabic</option><option value='as'>Assamese</option><option value='ae'>Avestan</option><option value='ay'>Aymara</option><option value='az'>Azerbaijani</option><option value='ba'>Bashkir</option><option value='be'>Belarusian</option><option value='bn'>Bengali</option><option value='bh'>Bihari</option><option value='bi'>Bislama</option><option value='bo'>Tibetan</option><option value='bs'>Bosnian</option><option value='br'>Brazilian</option><option value='bg'>Bulgarian</option><option value='my'>Burmese</option><option value='ca'>Catalan</option><option value='cs'>Czech</option><option value='ch'>Chamorro</option><option value='ce'>Chechen</option><option value='cn'>ChineseSimp</option><option value='tw'>ChineseTrad</option><option value='cv'>Chuvash</option><option value='kw'>Cornish</option><option value='co'>Corsican</option><option value='da'>Danish</option><option value='nl'>Dutch</option><option value='dz'>Dzongkha</option><option value='de'>German</option><option value='en'>English</option><option value='eo'>Esperanto</option><option value='et'>Estonian</option><option value='eu'>Basque</option><option value='fo'>Faroese</option><option value='fa'>Persian</option><option value='fj'>Fijian</option><option value='fi'>Finnish</option><option value='fr' selected='selected'>French</option><option value='fy'>Frisian</option><option value='gd'>Gaelic</option><option value='el'>Greek</option><option value='ga'>Irish</option><option value='gl'>Gallegan</option><option value='gn'>Guarani</option><option value='gu'>Gujarati</option><option value='ha'>Hausa</option><option value='he'>Hebrew</option><option value='hz'>Herero</option><option value='hi'>Hindi</option><option value='ho'>Hiri Motu</option><option value='hr'>Croatian</option><option value='hu'>Hungarian</option><option value='hy'>Armenian</option><option value='iu'>Inuktitut</option><option value='ie'>Interlingue</option><option value='id'>Indonesian</option><option value='ik'>Inupiaq</option><option value='is'>Icelandic</option><option value='it'>Italian</option><option value='jw'>Javanese</option><option value='ja'>Japanese</option><option value='kl'>Kalaallisut</option><option value='kn'>Kannada</option><option value='ks'>Kashmiri</option><option value='ka'>Georgian</option><option value='kk'>Kazakh</option><option value='km'>Khmer</option><option value='ki'>Kikuyu</option><option value='rw'>Kinyarwanda</option><option value='ky'>Kirghiz</option><option value='kv'>Komi</option><option value='ko'>Korean</option><option value='ku'>Kurdish</option><option value='lo'>Lao</option><option value='la'>Latin</option><option value='lv'>Latvian</option><option value='ln'>Lingala</option><option value='lt'>Lithuanian</option><option value='lb'>Letzeburgesch</option><option value='mh'>Marshall</option><option value='ml'>Malayalam</option><option value='mr'>Marathi</option><option value='mk'>Macedonian</option><option value='mg'>Malagasy</option><option value='mt'>Maltese</option><option value='mo'>Moldavian</option><option value='mn'>Mongolian</option><option value='mi'>Maori</option><option value='ms'>Malay</option><option value='gv'>Manx</option><option value='na'>Nauru</option><option value='nv'>Navajo</option><option value='ng'>Ndonga</option><option value='ne'>Nepali</option><option value='no'>Norwegian</option><option value='ny'>Chichewa</option><option value='or'>Oriya</option><option value='om'>Oromo</option><option value='pa'>Panjabi</option><option value='pi'>Pali</option><option value='pl'>Polish</option><option value='pt'>Portuguese</option><option value='ps'>Pushto</option><option value='qu'>Quechua</option><option value='ro'>Romanian</option><option value='rn'>Rundi</option><option value='ru'>Russian</option><option value='sg'>Sango</option><option value='sa'>Sanskrit</option><option value='si'>Sinhala</option><option value='sk'>Slovak</option><option value='sl'>Slovenian</option><option value='sm'>Samoan</option><option value='sn'>Shona</option><option value='sd'>Sindhi</option><option value='so'>Somali</option><option value='es'>Spanish</option><option value='sq'>Albanian</option><option value='sc'>Sardinian</option><option value='sr'>Serbian</option><option value='ss'>Swati</option><option value='su'>Sundanese</option><option value='sw'>Swahili</option><option value='sv'>Swedish</option><option value='ty'>Tahitian</option><option value='ta'>Tamil</option><option value='tt'>Tatar</option><option value='te'>Telugu</option><option value='tg'>Tajik</option><option value='tl'>Tagalog</option><option value='th'>Thai</option><option value='ti'>Tigrinya</option><option value='tn'>Tswana</option><option value='ts'>Tsonga</option><option value='tk'>Turkmen</option><option value='tr'>Turkish</option><option value='ug'>Uighur</option><option value='uk'>Ukrainian</option><option value='ur'>Urdu</option><option value='uz'>Uzbek</option><option value='vi'>Vietnamese</option><option value='cy'>Welsh</option><option value='wo'>Wolof</option><option value='xh'>Xhosa</option><option value='yi'>Yiddish</option><option value='yo'>Yoruba</option><option value='za'>Zhuang</option><option value='zu'>Zulu</option></select>",
-			'media_001'         => "<div class='mediaselector-multi field-element-media'><div  class='mediaselector-container e-tip well well-small '  style='position:relative;vertical-align:top;margin-right:15px; display:inline-block; width:206px;min-height:190px;'><div id='media-001-0-path_prev' class='mediaselector-preview'></div><div class='overlay'>				    <div class='text'><a title='Add' class='btn btn-sm btn-default e-modal' data-modal-submit='true' data-modal-caption='Media Manager' data-cache='false' data-target='#uiModal' href='/e107_admin/image.php?mode=main&amp;action=dialog&amp;for=_common&amp;tagid=media-001-0-path&amp;iframe=1&amp;w=206'><i class='fas fa-plus fa-fw' ><!-- --></i></a></div>				  </div></div><input type='hidden' name='media_001[0][path]' id='media-001-0-path' value='' /><input type='hidden' name='mediameta_media_001[0][path]' id='media-001-0-path-meta' value='' /></div>",
+			'media_001'         => "<div class='mediaselector-multi field-element-media'><div  class='mediaselector-container e-tip well well-small '  style='position:relative;vertical-align:top;margin-right:15px; display:inline-block; width:206px;min-height:190px;'><div id='media-001-0-path_prev' class='mediaselector-preview'></div><div class='overlay'>				    <div class='text'><a title='Add' class='btn btn-sm btn-default e-modal' data-modal-submit='true' data-modal-caption='Media Manager' data-cache='false' data-target='#uiModal' href='/e107_admin/image.php?mode=main&amp;action=dialog&amp;for=_common&amp;tagid=media-001-0-path&amp;iframe=1&amp;w=206'><i class='fas fa-plus fa-fw' ><!-- --></i></a></div>				  </div></div><input type='hidden' name='media_001[0][path]' id='media-001-0-path' /><input type='hidden' name='mediameta_media_001[0][path]' id='media-001-0-path-meta' /></div>",
 			//	'lanlist_001'       => 'German', // only works with multiple languages installed.
 		);
 
@@ -1207,22 +1224,22 @@ class e_formTest extends \Codeception\Test\Unit
 			0   => array(
 				'value'     => 'Some text',
 				'parms'     => array('link'=>'myurl.php', 'target'=>'blank'),
-				'expected'  => "<a class='e-tip'  rel='external'  href='myurl.php'  title='Quick View' >Some text</a>"
+				'expected'  => "<a class='e-tip' rel='external' href='myurl.php' title='Quick View'>Some text</a>"
 			),
 			1   => array(
 				'value'     => 'Some text',
 				'parms'     => array('link'=>'myurl.php?id=[id]', 'target'=>'modal'),
-				'expected'  => "<a class='e-tip'  href='myurl.php?id=3'  data-toggle='modal' data-bs-toggle='modal' data-cache='false' data-target='#uiModal'  title='Quick View' >Some text</a>"
+				'expected'  => "<a class='e-tip' href='myurl.php?id=3' title='Quick View' data-toggle='modal' data-bs-toggle='modal' data-cache='false' data-target='#uiModal'>Some text</a>"
 			),
 			2   => array(
 				'value'     => 'Some text',
 				'parms'     => array('link'=>'url_001', 'target'=>'blank'),
-				'expected'  => "<a class='e-tip'  rel='external'  href='https://e107.org'  title='Quick View' >Some text</a>"
+				'expected'  => "<a class='e-tip' rel='external' href='https://e107.org' title='Quick View'>Some text</a>"
 			),
 			3   => array(
 				'value'     => 'Some text',
 				'parms'     => array('link'=>'myurl.php?country=[country_001]', 'target'=>'dialog'),
-				'expected'  => "<a class='e-tip e-modal'  href='myurl.php?country=au'  title='Quick View' >Some text</a>"
+				'expected'  => "<a class='e-tip e-modal' href='myurl.php?country=au' title='Quick View'>Some text</a>"
 			),
 		/*	4   => array(
 				'value'     => 'Some text',
diff --git a/e107_tests/tests/unit/e_parseTest.php b/e107_tests/tests/unit/e_parseTest.php
index 18aedb6ec..76f5b9e68 100644
--- a/e107_tests/tests/unit/e_parseTest.php
+++ b/e107_tests/tests/unit/e_parseTest.php
@@ -2589,7 +2589,22 @@ Your browser does not support the audio tag.
 
 		}
 
+		/**
+		 * e107 v0.6.0 requires strings to be passed around with quotation marks escaped for HTML as a way to prevent
+		 * both SQL injection and cross-site scripting. Although {@see e_parse::toDB()} is supposed to do that, some
+		 * usages, specifically {@see e_front_model::sanitizeValue()} call {@see e_parse::filter()} instead.
+		 *
+		 * @version 2.3.1
+		 */
+		public function testFilterStr()
+		{
+			$input = "<strong>\"e107's\"</strong>";
+			$expected = "&quot;e107&#039;s&quot;";
 
+			$actual = $this->tp->filter($input, 'str');
+
+			$this->assertEquals($expected, $actual);
+		}
 
 		public function testCleanHtml()
 		{