You're right that the src attribute is being escaped, but it's not jQuery
doing it.
When in doubt, take jQuery out of the equation and find out what the browser
does natively:
var div = document.createElement( 'div' );
div.innerHTML = '<img src="{p1}" class="{p2}"/>';
alert( div.innerHTML );
I didn't test other browsers, but Firefox alerts:
<img src="%7Bp1%7D" class="{p2}">
I presume that this is because the browser knows that the src attribute
represents a URL and treats it accordingly, whereas the class attribute is
simply a plain string.
-Mike
> From: mikerobi
>
> In the following example: the src attribute is escaped but
> not the class attribute. I wouldn't expect any escaping.
>
> $('<div><img src="{p1}" class="{p2}"/></div>').html())
