Title/Description meta value may not be safe for HTML output

Created on 17 March 2014, over 10 years ago

Updated 22 February 2023, over 1 year ago

Some of the sites we've been sharing include metatag values with several single quotes, double quotes, and other punctuation that is being output in the .tpl file.

I believe the 'title' tag uses a check_plain() function before outputting to HTML, but the 'title' and 'alt' attributes do not get a good cleaning when they are output to the link and img tags in the template, causing broken HTML from time to time due to quote balancing and termination.

Similarly, if the URL happens to have more than one "." period in the path (like "http://www.test.com/pics-from-11.13.2012") then there are big PHP problems occurring on all Drupal pages dealing with nodes and content.

Suggest adding !empty and check_plain() measures to all output values in the template.

🐛 Bug report

Status

Fixed

Component

Code

Created by

🇺🇸United States amaisano Boston

Live updates comments and jobs are added and updated live.

Comments & Activities

Comment over 1 year ago →
🇺🇦Ukraine loon Lutsk
@loon opened merge request.

Comment over 1 year ago →

System Message

loon → committed 9369bf8f on 7.x-1.x

Issue #2219491: Title/Description meta value may not be safe for HTML...

Issue was unassigned.
Status changed to Fixed over 1 year ago8:21pm 22 February 2023
Comment over 1 year ago →
🇺🇦Ukraine loon Lutsk
Comment over 1 year ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024