Correctly escape custom product image attributes

app/code/Magento/Catalog/Block/Product/Image.php

@@ -14,7 +14,7 @@
  * @method string getHeight()
  * @method string getLabel()
  * @method float getRatio()
- * @method string getCustomAttributes()
+ * @method array getCustomAttributes()
  * @method string getClass()
  * @since 100.0.2
  */

app/code/Magento/Catalog/Block/Product/ImageFactory.php

@@ -68,20 +68,17 @@ public function __construct(
     }
 
     /**
-     * Retrieve image custom attributes for HTML element
+     * Remove class from custom attributes
      *
      * @param array $attributes
-     * @return string
+     * @return array
      */
-    private function getStringCustomAttributes(array $attributes): string
+    private function filterCustomAttributes(array $attributes): array
     {
-        $result = [];
-        foreach ($attributes as $name => $value) {
-            if ($name != 'class') {
-                $result[] = $name . '="' . $value . '"';
-            }
+        if (isset($attributes['class'])) {
+            unset($attributes['class']);
         }
-        return !empty($result) ? implode(' ', $result) : '';
+        return $attributes;
     }
 
     /**
@@ -161,7 +158,7 @@ public function create(Product $product, string $imageId, array $attributes = nu
         }
 
         $attributes = $attributes === null ? [] : $attributes;
-        
+
         $data = [
             'data' => [
                 'template' => 'Magento_Catalog::product/image_with_borders.phtml',
@@ -170,7 +167,7 @@ public function create(Product $product, string $imageId, array $attributes = nu
                 'height' => $imageMiscParams['image_height'],
                 'label' => $this->getLabel($product, $imageMiscParams['image_type']),
                 'ratio' => $this->getRatio($imageMiscParams['image_width'], $imageMiscParams['image_height']),
-                'custom_attributes' => $this->getStringCustomAttributes($attributes),
+                'custom_attributes' => $this->filterCustomAttributes($attributes),
                 'class' => $this->getClass($attributes),
                 'product_id' => $product->getId()
             ],

app/code/Magento/Catalog/Test/Unit/Block/Product/ImageFactoryTest.php

@@ -144,7 +144,7 @@ private function getTestDataWithoutAttributes(): array
                     'height' => 100,
                     'label' => 'test_image_label',
                     'ratio' => 1,
-                    'custom_attributes' => '',
+                    'custom_attributes' => [],
                     'product_id' => null,
                     'class' => 'product-image-photo'
                 ],
@@ -202,7 +202,10 @@ private function getTestDataWithAttributes(): array
                     'height' => 50,
                     'label' => 'test_product_name',
                     'ratio' => 0.5, // <==
-                    'custom_attributes' => 'name_1="value_1" name_2="value_2"',
+                    'custom_attributes' => [
+                        'name_1' => 'value_1',
+                        'name_2' => 'value_2',
+                    ],
                     'product_id' => null,
                     'class' => 'my-class'
                 ],

app/code/Magento/Catalog/view/frontend/templates/product/image.phtml

@@ -7,7 +7,9 @@
 <?php /** @var $block \Magento\Catalog\Block\Product\Image */ ?>
 
 <img class="photo image <?= $block->escapeHtmlAttr($block->getClass()) ?>"
-    <?= $block->escapeHtml($block->getCustomAttributes()) ?>
+    <?php foreach ($block->getCustomAttributes() as $name => $value): ?>
+        <?= $block->escapeHtmlAttr($name) ?>="<?= $block->escapeHtmlAttr($value) ?>"
+    <?php endforeach; ?>
     src="<?= $block->escapeUrl($block->getImageUrl()) ?>"
     width="<?= $block->escapeHtmlAttr($block->getWidth()) ?>"
     height="<?= $block->escapeHtmlAttr($block->getHeight()) ?>"

app/code/Magento/Catalog/view/frontend/templates/product/image_with_borders.phtml

@@ -11,7 +11,9 @@
     <span class="product-image-wrapper"
           style="padding-bottom: <?= ($block->getRatio() * 100) ?>%;">
         <img class="<?= $block->escapeHtmlAttr($block->getClass()) ?>"
-            <?= $block->escapeHtmlAttr($block->getCustomAttributes()) ?>
+            <?php foreach ($block->getCustomAttributes() as $name => $value): ?>
+                <?= $block->escapeHtmlAttr($name) ?>="<?= $block->escapeHtmlAttr($value) ?>"
+            <?php endforeach; ?>
             src="<?= $block->escapeUrl($block->getImageUrl()) ?>"
             max-width="<?= $block->escapeHtmlAttr($block->getWidth()) ?>"
             max-height="<?= $block->escapeHtmlAttr($block->getHeight()) ?>"

dev/tests/integration/testsuite/Magento/Swatches/Block/Product/ListProductTest.php

@@ -166,7 +166,7 @@ private function assertProductImage(array $images, string $area, array $expectat
         $this->updateProductImages($images);
         $productImage = $this->listingBlock->getImage($this->productRepository->get('configurable'), $area);
         $this->assertInstanceOf(Image::class, $productImage);
-        $this->assertEquals($productImage->getCustomAttributes(), '');
+        $this->assertEquals($productImage->getCustomAttributes(), []);
         $this->assertEquals($productImage->getClass(), 'product-image-photo');
         $this->assertEquals($productImage->getRatio(), 1.25);
         $this->assertEquals($productImage->getLabel(), $expectation['label']);