Values with ampersand (' & ') appear as (' & ') in select list

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Merge request !6amp issue fixed → (Closed) created by dhirendra.mishra
Comment over 1 year ago →
🇧🇪Belgium pablovos
In file src/Plugin/views/filter/Selective.php all HTML characters are escaped, converting various characters to HTML entities (see HTML::escape).

Current code:

$oids[$key] = Html::escape($value);

I propose to output this as:

$oids[$key] = htmlspecialchars($value, ENT_SUBSTITUTE);

Which leaves allowed characters intact.
Comment about 2 months ago →
🇨🇦Canada joelpittet Vancouver
joelpittet → changed the visibility of the branch 3213298-values-with-ampersand to hidden.
Comment about 2 months ago →
🇨🇦Canada joelpittet Vancouver
This is interesting... we can maybe see what Drupal Core does for this in terms of options labels and values. We don't want to double escape things and also don't want to have an XSS attack vector
Status changed to Fixed about 2 months ago11:32pm 5 April 2024
Comment about 2 months ago →
🇨🇦Canada joelpittet Vancouver
I replaced the escape with a strip_tags() as we have that in D7 as well and it will do the trick better.

Fixed in 777c0f36dd5ecf2c57dbc739c3f8a1c14e59cc93
Comment about 2 months ago →
System Message
joelpittet → closed merge request !6
Comment about 1 month ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

Merge Requests