🔧

vendor/nesbot/carbon/sponsors.php

@@ -26,6 +26,15 @@ function getMaxHistoryMonthsByAmount($amount): int
     return 2;
 }
 
+function getHtmlAttribute($rawValue): string
+{
+    return str_replace(
+        ['​', "\r"],
+        '',
+        trim(htmlspecialchars((string) $rawValue), "  \n\r\t\v\0"),
+    );
+}
+
 function getOpenCollectiveSponsors(): string
 {
     $customSponsorImages = [
@@ -102,8 +111,8 @@ function getOpenCollectiveSponsors(): string
         $height = $member['status'] === 'sponsor' ? 64 : 42;
         $width = min($height * 2, $validImage ? round($x * $height / $y) : $height);
         $href .= (strpos($href, '?') === false ? '?' : '&').'utm_source=opencollective&utm_medium=github&utm_campaign=Carbon';
-        $title = htmlspecialchars(($member['description'] ?? null) ?: $member['name']);
-        $alt = htmlspecialchars($member['name']);
+        $title = getHtmlAttribute(($member['description'] ?? null) ?: $member['name']);
+        $alt = getHtmlAttribute($member['name']);
 
         return "\n".'<a title="'.$title.'" href="'.$href.'" target="_blank">'.
             '<img alt="'.$alt.'" src="'.$src.'" width="'.$width.'" height="'.$height.'">'.