Index: branches/5.2.x/core/units/images/image_tag_processor.php
===================================================================
diff -u -N -r15601 -r15856
--- branches/5.2.x/core/units/images/image_tag_processor.php (.../image_tag_processor.php) (revision 15601)
+++ branches/5.2.x/core/units/images/image_tag_processor.php (.../image_tag_processor.php) (revision 15856)
@@ -1,6 +1,6 @@ ImageSize($block_params);
 $block_params['img_size'] = $image_dimensions ? $image_dimensions : ' width="' . $block_params['DefaultWidth'] . '"';
- $block_params['alt'] = $object->GetField('AltName') ? $object->GetField('AltName') : htmlspecialchars($this->getItemTitle($parent_item), null, CHARSET);
+ $block_params['alt'] = $object->GetField('AltName') ? $object->GetField('AltName') : $this->getItemTitle($parent_item);
 $block_params['align'] = array_key_exists('align', $block_params) ? $block_params['align'] : 'left';
+
+ // TODO: consider escaping in template instead
+ $block_params['alt'] = kUtil::escape($block_params['alt']);
 }
 /**
@@ -447,7 +450,7 @@
 $params['img_path'] = $image_url;
 $image_dimensions = $this->ImageSize($params);
 $params['img_size'] = $image_dimensions ? $image_dimensions : ' width="' . $params['DefaultWidth'] . '"';
- $params['alt'] = htmlspecialchars($object->GetField('AltName'), null, CHARSET); // really used ?
+ $params['alt'] = $object->GetField('AltName'); // really used ?
 $params['name'] = $this->SelectParam($params, 'block,render_as');
 $params['align'] = array_key_exists('align', $params) ? $params['align'] : 'left';
 $params['no_editing'] = 1;
@@ -456,6 +459,9 @@
 return '';
 }
+ // TODO: consider escaping in template instead
+ $params['alt'] = kUtil::escape($params['alt']);
+
 return $this->Application->ParseBlock($params);
 }
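Review bot: The added `kUtil::escape($block_params['alt'])` call does not name the output context, yet the value is presumably rendered into a quoted `alt` attribute by the block template, where double quotes must be encoded along with `<`, `>` and `&`. The call it replaces passed `null` as the `htmlspecialchars` flags argument, which PHP coerces to `0` (`ENT_NOQUOTES`), so quotes were previously left intact; `kUtil::escape` is not shown here, and its default should be confirmed to encode them. A comment above the call would record that requirement: `// alt goes into a quoted HTML attribute: quotes must be encoded`. The same call is added for `$params['alt']` in the `@@ -456,6 +459,9 @@` hunk, and the enclosing method starts outside this hunk.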
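Review bot: The added `// TODO: consider escaping in template instead` does not say which layer owns escaping of `alt` today, and the same comment appears in the earlier `$block_params` hunk. If a template later escapes the value too, a title such as `A & B` (constructed example) would come out as `A &amp;amp; B`, and if the PHP call is dropped without the template change the value is emitted raw. I would state the contract instead: `// alt is HTML-escaped here, exactly once; templates must print it unchanged`. The raw assignment this depends on is in the `@@ -447,7 +450,7 @@` hunk, and the lines between the two hunks are not visible, so nothing here shows whether `$params['alt']` is read before it is escaped.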