Title/Description meta value may not be safe for HTML output

Created on 17 March 2014, almost 11 years ago
Updated 22 February 2023, almost 2 years ago

Some of the sites we've been sharing include metatag values with several single quotes, double quotes, and other punctuation that is being output in the .tpl file.

I believe the 'title' tag uses a check_plain() function before outputting to HTML, but the 'title' and 'alt' attributes do not get a good cleaning when they are output to the link and img tags in the template, causing broken HTML from time to time due to quote balancing and termination.

Similarly, if the URL happens to have more than one "." period in the path (like "http://www.test.com/pics-from-11.13.2012") then there are big PHP problems occurring on all Drupal pages dealing with nodes and content.

Suggest adding !empty and check_plain() measures to all output values in the template.

🐛 Bug report
Status

Fixed

Component

Code

Created by

🇺🇸 United States amaisano Boston
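
The suggestion in the report (`!empty` guards plus `check_plain()` on every value the template prints), shown as an added example that is not the module's own template code. The function names `render_preview_unsafe()` and `render_preview_safe()`, the `$meta` array keys and the sample values are assumptions constructed here; the `check_plain()` stand-in mirrors what Drupal 7's function does so the file runs outside Drupal.

```php
<?php
// Stand-in for Drupal 7's check_plain(), used only when run outside Drupal.
if (!function_exists('check_plain')) {
  function check_plain($text) {
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
  }
}

// Hypothetical "before": scraped meta values go straight into attributes,
// so a quote inside the value terminates the attribute early.
function render_preview_unsafe(array $meta) {
  return '<a href="' . $meta['url'] . '" title="' . $meta['title'] . '">'
    . '<img src="' . $meta['image'] . '" alt="' . $meta['description'] . '" /></a>';
}

// Hypothetical "after": every value is checked with !empty and escaped.
function render_preview_safe(array $meta) {
  if (empty($meta['url'])) {
    return '';  // Nothing to link to.
  }
  $title = !empty($meta['title']) ? check_plain($meta['title']) : '';
  $alt = !empty($meta['description']) ? check_plain($meta['description']) : '';
  // check_plain() only escapes; URL scheme filtering is a separate concern.
  $out = '<a href="' . check_plain($meta['url']) . '" title="' . $title . '">';
  if (!empty($meta['image'])) {
    $out .= '<img src="' . check_plain($meta['image']) . '" alt="' . $alt . '" />';
  }
  else {
    $out .= $title;  // Fall back to escaped text when there is no image.
  }
  return $out . '</a>';
}

// Constructed sample values with the punctuation described in the report.
$meta = array(
  'url' => 'http://www.test.com/pics-from-11.13.2012',
  'title' => 'Bob\'s "best" pics <2012>',
  'description' => 'It\'s a "must see" gallery',
  'image' => 'http://www.test.com/thumb.jpg',
);

print render_preview_unsafe($meta) . "\n";  // title and alt end at the first "
print render_preview_safe($meta) . "\n";    // quotes become &quot; and &#039;
```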
