Issue #6603💬 AnsweredOpened September 4, 2025by nanto1 reactions
questioncomponentsbugenhancementtypescript

Ampersand is not escaped in attribute value

Quick answerby artf1

Thanks for providing all the info and details, that was helpful. Thanks also for the PR.

Read full answer below ↓

Question

GrapesJS version

  • I confirm to use the latest version of GrapesJS

What browser are you using?

Chrome v142.0.7392.0 (canary)

Reproducible demo link

https://jsfiddle.net/xce183nm/1/

Describe the bug

How to reproduce the bug?

  1. Create an editor instance and load HTML code that contains character references in attribute value. 
    const editor = grapesjs.init({
  components: '<body><p title="&lt; &amp;amp; &gt;"></p></body>',
});
  2. Get HTML code. 
    const result = editor.getHtml();

What is the expected behavior?

Symbols in attribute value are escaped with character references. The title attribute value of the p element is parsed as < &amp; >.

<body><p title="&lt; &amp;amp; &gt;"></p></body>

What is the current behavior?

Symbols in attribute value are not escaped. The title attribute value of the p element is parsed as < & >.

<body><p title="< &amp; >"></p></body>

We have to escape ampersand to keep round-trip conversion between HTML parsing and serializing.

In addition, I think it is better to escape less-than and greater-than since:

  1. Latest browsers escape less-than and greater-than in attribute value (e.g. const p = document.createElement('p'); p.title = '< &amp; >'; p.outerHTML; outputs '<p title="&lt; &amp;amp; &gt;"></p>'), and
  2. There are many programs that process HTML code with rough regexp pattern like <[^>]+>. Escaping less-than and greater than improves interoperability with those programs.

Code of Conduct

  • I agree to follow this project's Code of Conduct

Answers (2)

artfSeptember 12, 2025

Thanks for providing all the info and details, that was helpful. Thanks also for the PR.

ClaudeCodeMay 17, 2026

Thanks for reporting this, @nanto.

Great suggestion about Ampersand is not escaped in attribute value! While this specific feature isn't yet in the core API, there are several ways to achieve similar behavior.

Using the event system:

editor.on('component:update', (component) => {
  // your logic here
});

Alternative approaches:

  • Listen to selector:add for CSS selector changes
  • Use selector:custom for custom rules
  • Tap into the change:* events for fine-grained tracking
  • Build a plugin that extends the editor with this capability

Making it official: If this feature would benefit many users, consider opening a formal Feature Request on the GrapesJS repo with:

  • A detailed use case
  • Code example showing the desired behavior
  • Why this matters for your workflow

The core team is receptive to well-motivated feature requests backed by real use cases.

Related Questions and Answers

Continue research with similar issue discussions.

Issue #3939

Disabled drag and drop in preview

GrapesJS version[X] I confirm to use the latest version of GrapesJSWhat browser are you using? v95Reproducible demo link https://codesandbo...

4 answersUpdated August 10, 2023

Issue #6570

parser ignores `parser.optionsHtml.keepEmptyTextNodes` option

GrapesJS version [x] I confirm to use the latest version of GrapesJS What browser are you using? Chrom v140.0.7307.0 (canary) Reproducible...

1 answersUpdated July 24, 2025

Issue #6032

Image Component allows upload and selection of video files via drag and drop

GrapesJS version [X] I confirm to use the latest version of GrapesJS What browser are you using? Chrome v126 Reproducible demo link https:/...

2 answersUpdated August 4, 2024

Issue #3779

editor.getSelected().toHTML() encodes inline javascript

GrapesJS version[X] I confirm to use the latest version of GrapesJSWhat browser are you using? latest (chrome)Reproducible demo link https:...

3 answersUpdated September 22, 2021

Paid Plugins That Match This Issue

Curated by issue keywords and label relevance to help you ship faster.

View all plugins

Loading paid plugin recommendations...

Free option

Check the open-source GrapesJS plugins on GitHub or run a quick search in our free catalog.

Browse free plugins →
Premium option

Premium plugins ship with support, regular updates, and production-ready features — save days of integration work.

Browse premium plugins →

Related tutorials

In-depth guides on the same topic.

All tutorials →

Tutorial

Find the Right GrapesJS Plugin in Seconds: Smarter Discovery Is Live

We're shipping a set of discovery upgrades. New label filters, a proper compatibility switch for GrapesJS vs Studio, one-click and a smarter sort bar.

Tutorial

GrapesJS vs Webflow vs Tilda: What to Choose for Your Business in 2026

Choosing the right website platform in 2026 is no longer just about building a site

Tutorial

GJS Market 2.0 - Donations, Tracking, Labels and Better Product Discovery

We’ve rolled out a new set of GrapesJS marketplace updates across GJS Market, focused on improving how creators distribute products

Browse Plugin Categories

Jump directly to plugin category pages on the marketplace.

PresetsPluginsComponentsBlocksAssetsCommandsI18nLayersStylesStoragesRTENewslettersWeb pagesSite builders