TYPO3 Core

Hi folks,

I ran into a strange issue where htmlspecialchars does not convert the values of _trustedProperties:

 <form enctype="multipart/form-data" method="post" id="kontakt-7" action="/kontakt-jobs?tx_form_formframework%5Baction%5D=perform&tx_form_formframework%5Bcontroller%5D=FormFrontend&cHash=2eeb955eb166619117175e660fd17785#kontakt-7">
<div><input type="hidden" name="tx_form_formframework[kontakt-7][__state]" value="TzozOToiVFlQTzNcQ01TXEZvcm1cRG9tYWluXFJ1bnRpbWVcRm9ybVN0YXRlIjoyOntzOjI1OiIAKgBsYXN0RGlzcGxheWVkUGFnZUluZGV4IjtpOjA7czoxMzoiACoAZm9ybVZhbHVlcyI7YTowOnt9fQ==47e665a7bacbc2014853287e4e8664dd5638d842" />

<input type="hidden" name="tx_form_formframework[__trustedProperties]" value="{"kontakt-7":{"singleselect-1":1,"vorname":1,"text-1":1,"email-1":1,"fileupload-1":{"name":1,"type":1,"tmp_name":1,"error":1,"size":1},"message":1,"X7Y0DUKo":1,"__currentPage":1}}87ae27b389520f34d3248e1a2ce39b28cc3259cc" />

</div>

I was able to track the error down to sysext/fluid/Classes/ViewHelpers/FormViewHelper.php.
In line 468, htmlspecialchars($requestHash) does not escape the double quotes, thereby messing up the hidden field.

Any other form using f:form, rendered on the same page during the same request, works fine, for example

<input type="hidden" name="tx_mindshapecookieconsent_consent[__trustedProperties]" value="{&quot;consent&quot;:{&quot;isAjaxRequest&quot;:1,&quot;currentUrl&quot;:1,&quot;deny&quot;:1,&quot;selectAll&quot;:1}}3678d30744b7197d750d09fd07b7d1f5c576009f" />

I've tested it using php7.4, 8.0 and 8.1, the behaviour stays the same.