From 6941ec7fb0b2d9bc44df3c5c9c38a505d7bc53d6 Mon Sep 17 00:00:00 2001
From: Raymond Hill <rhill@raymondhill.net>
Date: Tue, 11 Jan 2022 07:20:03 -0500
Subject: [PATCH] Escape unescaped `"` in attribute values

Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/1923
---
 src/js/scriptlets/epicker.js | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/js/scriptlets/epicker.js b/src/js/scriptlets/epicker.js
index ace009de4..4f4390613 100644
--- a/src/js/scriptlets/epicker.js
+++ b/src/js/scriptlets/epicker.js
@@ -416,6 +416,9 @@ const cosmeticFilterFromElement = function(elem) {
     // Use attributes if still no selector found.
     // https://github.com/gorhill/uBlock/issues/1901
     //   Trim attribute value, this may help in case of malformed HTML.
+    //
+    // https://github.com/uBlockOrigin/uBlock-issues/issues/1923
+    //   Escape unescaped `"` in attribute values
     if ( selector === '' ) {
         let attributes = [], attr;
         switch ( tagName ) {
@@ -457,13 +460,14 @@ const cosmeticFilterFromElement = function(elem) {
         }
         while ( (attr = attributes.pop()) ) {
             if ( attr.v.length === 0 ) { continue; }
+            const w = attr.v.replace(/([^\\])"/g, '$1\\"');
             v = elem.getAttribute(attr.k);
             if ( attr.v === v ) {
-                selector += `[${attr.k}="${attr.v}"]`;
+                selector += `[${attr.k}="${w}"]`;
             } else if ( v.startsWith(attr.v) ) {
-                selector += `[${attr.k}^="${attr.v}"]`;
+                selector += `[${attr.k}^="${w}"]`;
             } else {
-                selector += `[${attr.k}*="${attr.v}"]`;
+                selector += `[${attr.k}*="${w}"]`;
             }
         }
     }