ContentFormat image HTML source needs to escape attributes

[thibaudcolas]

From #2001 – the alt attribute contents need escaping for HTML, here:

djangoproject.com/blog/models.py

Lines 67 to 74 in 92ca24f

	def img(self, url, alt_text):
	"""
	Generate the source code for an image in the current format
	"""
	CF = type(self)
	return {
	CF.REST: f".. image:: {url}\n :alt: {alt_text}",
	CF.HTML: f'<img src="{url}" alt="{alt_text}">',

.

As-is, the "Raw HTML" copy button will generate invalid markup when it contains double quotes. For example:

<img src="https://media.djangoproject.com/blog/images/2025/04/20250416-run-your-tests-against.webp" alt="Sage presenting, holding a microphone. To his right his title slide states "Run your tests against Django’s main!", "Django London Meetup", "Thursday, 13 February 2025"">

[bmispelon]

Good catch, thanks for reporting it! 🎸

I've opened a PR with a fix for this and other escaping issues: #2036