Merge pull request #4573 from Deltik/fix/4572

#4572: `e_form`: No `htmlspecialchars()` on "other" attributes

e107_handlers/form_handler.php

@@ -3907,7 +3907,10 @@ var_dump($select_options);*/
 		//
 		foreach ($options as $option => $optval)
 		{
-			$optval = htmlspecialchars(trim((string) $optval),  ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
+			if ($option !== 'other')
+			{
+				$optval = htmlspecialchars(trim((string) $optval),  ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
+			}
 			switch ($option)
 			{
 

e107_tests/tests/unit/e_formTest.php

@@ -867,6 +867,22 @@ class e_formTest extends \Codeception\Test\Unit
 
 				$this->assertSame($expected, $actual);
 			}
+
+			/**
+			 * @link https://github.com/e107inc/e107/issues/4572
+			 */
+			public function testGet_attributesOther()
+			{
+				$options = array(
+					'size'  => '300px',
+					'other' => 'v-bind:class="{ active: isActive }"',
+				);
+
+				$actual = $this->_frm->get_attributes($options);
+				$expected = ' size=\'300px\' v-bind:class="{ active: isActive }"';
+
+				$this->assertSame($expected, $actual);
+			}
 /*
 			public function test_format_id()
 			{