diff --git a/.changeset/brave-pears-matter.md b/.changeset/brave-pears-matter.md
new file mode 100644
index 0000000000..6ab2a4d9bb
--- /dev/null
+++ b/.changeset/brave-pears-matter.md
@@ -0,0 +1,5 @@
+---
+"svelte": patch
+---
+
+fix: sanitize template-literal-special-characters in SSR attribute values
diff --git a/packages/svelte/src/compiler/phases/3-transform/server/visitors/shared/utils.js b/packages/svelte/src/compiler/phases/3-transform/server/visitors/shared/utils.js
index ee14a4d135..1af283791c 100644
--- a/packages/svelte/src/compiler/phases/3-transform/server/visitors/shared/utils.js
+++ b/packages/svelte/src/compiler/phases/3-transform/server/visitors/shared/utils.js
@@ -225,7 +225,7 @@ export function build_attribute_value(
 const node = value[i];
 if (node.type === 'Text') {
- quasi.value.raw += trim_whitespace
+ quasi.value.cooked += trim_whitespace
 ? node.data.replace(regex_whitespaces_strict, ' ')
 : node.data;
 } else {
@@ -244,6 +244,10 @@ export function build_attribute_value(
 }
 }
+ for (const quasi of quasis) {
+ quasi.value.raw = sanitize_template_string(/** @type {string} */ (quasi.value.cooked));
+ }
+
 return b.template(quasis, expressions);
 }
diff --git a/packages/svelte/tests/server-side-rendering/samples/attribute-template-literal-sanitization/_expected.html b/packages/svelte/tests/server-side-rendering/samples/attribute-template-literal-sanitization/_expected.html
new file mode 100644
index 0000000000..a4bbe1a371
--- /dev/null
+++ b/packages/svelte/tests/server-side-rendering/samples/attribute-template-literal-sanitization/_expected.html
@@ -0,0 +1,3 @@
+
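Review bot: The added loop before `return b.template(quasis, expressions)` overwrites `quasi.value.raw` from `cooked` for every quasi, so any remaining write to `raw` in the `else` branch (outside this hunk) or elsewhere in build_attribute_value would now be silently discarded; it is worth confirming every quasi in `quasis` accumulates only into `cooked` after this change. The `/** @type {string} */` cast in that loop papers over ESTree's `TemplateElement.value.cooked` being nullable: if `b.quasi` does not initialize `cooked` to `''`, the `+=` on the new line 228 would prepend the literal text `undefined` to the attribute value, so either a comment stating that `b.quasi` guarantees a string or a `cooked ?? ''` fallback would make the invariant explicit. A why-comment above the loop would also help the next reader understand the fix, e.g. `// derive raw from cooked so template-literal metacharacters (backtick, "${", backslash) in attribute text are escaped rather than parsed in the generated module`. The start of build_attribute_value and the `else` branch are outside both hunks.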
+ + diff --git a/packages/svelte/tests/server-side-rendering/samples/attribute-template-literal-sanitization/main.svelte b/packages/svelte/tests/server-side-rendering/samples/attribute-template-literal-sanitization/main.svelte new file mode 100644 index 0000000000..ec1a4a140e --- /dev/null +++ b/packages/svelte/tests/server-side-rendering/samples/attribute-template-literal-sanitization/main.svelte @@ -0,0 +1,7 @@ + + + + +