public static function escapeHtmlAttr($s, $double = TRUE)
{
$double = $double && $s instanceof IHtmlString ? FALSE : $double;
$s = (string) $s;
if (strpos($s, '`') !== FALSE && strpbrk($s, ' <>"\'') === FALSE) {
$s .= ' ';
// protection against innerHTML mXSS vulnerability nette/nette#1496
}
return htmlSpecialChars($s, ENT_QUOTES, 'UTF-8', $double);
}