Text in Views token replacement pattern

Fivestars are displayed as a form, if voting is allowed, with a "Rate" button with class .js-hide so that is hidden by core when Javascript is enabled. It sounds to me like the token you're using is not embedding the entire form, or perhaps you need to check "Use Ajax" in the Views UI for that page. Or perhaps you can use a token for the static Fivestar widget, which will only display the stars and not the form?

Regardless, it's not clear to me exactly how you have things configured or whether there is some other module involved. Please post information that will allow us to reproduce the problem on a clean site.

Here is what I get on a new site with Testfivestar field added to Article CT, in Views:

When the fivestar field is being displayed, it's shown as a form correctly, it's interactive and it works.

When the same field is printed out through a token in a Custom text field the result isn't the same. Everything is written out, and not interactive.

There is only one token for the related field. The expectation is that it should output the same HTML (a working form, if that applies, in any case the output should be the same as the field printed out directly and not through a token).

In your "Global: Custom text", did you try "Full HTML" as the text format? The default of "Basic HTML" sanitizes the output of the token, as you can see from the text area description that only certain tags are allowed.

@TR the allowed HTML seems to be fixed, it doesn't seem to follow Text format settings, and I don't see anywhere in Custom Text where that could be set. It's not like Text area that you can add in Header of Views, I can see the select dropdown there, but not in the Custom Text field.

I tried using the "Strip HTML tags" that has "Preserve certain tags" in the "Rewrite results", I added all the tags that I see in the regular output, but I'm still getting the same result of the same text output as from above.

Also, I would imagine that the HTML limitations in Custom Text are to be applied to the HTML you enter around the tokens, not the tokens themselves, since tokens are governed upstream, extra validation at this point down the line could break things unpredictably.

Is this then an issue about how replacement pattern tokens are handled in general? I don't think I've seen a token behave differently from the regular field output, when you're using the token for the entire field and not some data breakdown.

___________

Unrelated: I also see 2 additional tokens when trying to Rewrite the actual field in its own settings:

{{ field_fivestar__rating }} == Raw rating
{{ field_fivestar__target }} == Raw target

but these tokens aren't available in the Custom Text field. Why is that? Usually what I see is that all the tokens related to a field are available to the fields that follow it in the Fields list.

@TR the allowed HTML seems to be fixed, it doesn't seem to follow Text format settings, and I don't see anywhere in Custom Text where that could be set. It's not like Text area that you can add in Header of Views, I can see the select dropdown there, but not in the Custom Text field.

I see. Can you try the token in the header area to see if it is displayed properly when Full HTML is chosen?

These tokens are not generated directly by Fivestar - it is Drupal core that is responsible for exposing the field content as a token. My working theory in your case is that the token contains the correct HTML but it is being sanitized by Views. I don't know why Views doesn't allow you to change the text format in that case. But if you try it in the header perhaps we can see if the token does have the correct value.

Is there a reason you're using a token for fivestar in a text field in the View, rather than just using the fivestar rating field in the View?

I tried the fivestar token in the Header Text area, with Full HTML format, and the result is still wrong output, it doesn't show the form, only the text of the individual parts:

I tried playing with image field token and it's behaving correctly everywhere, it's showing image, linked or not, exactly as is set in its field settings, in regular Image field, Custom text, Header Text area, always shows up correctly. If I Rewrite the field with some image token on the Image field itself (because those tokens aren't available anywhere else), the output is propagated everywhere correctly, the Custom text and Header Text area are showing the output from the token selected in the Image Rewrite settings.

So far I only found fivestar is affected. What other module could I try with tokens that might shed more light on this?

The reason for using fivestar through a token is HTML control. Fivestar is being displayed along several other fields and there is HTML added around them so they display in the desired layout. All those fields are set to Exclude from display, and Custom text is outputting all of them with some HTML containers laying them out in the desired visual arrangement.

I am experiencing the same issue as portulaca. I would appreciate it if anyone who has found a solution could share it with me. This is affecting my portal and I need to resolve it as soon as possible.

Thank you

Bumping.

Same goals as outlined by others: I'd like to place the Fivestar field within a "Global: Custom text" field so that I can better control the layout/look-and-feel of my view.

However, the fivestar field gets parsed by `filter_xss_admin`, so the fivestar widget gets stripped of most of its functionality and just text remains:

`Give it 1/5Give it 2/5Give it 3/5Give it 4/5Give it 5/5`

I'm currently getting around this by using Views Unrestricted Custom Field module → , but I would like to see this issue patched on the Fivestar module itself.

The core issue is 🐛 Xss:filter() malforms inline image references with data uri scheme Needs work
You could try the patch there to see if it fixes the problem.

The Views Unrestricted Custom Field module works for this issue IF modified to work with Drupal 10 and/or 11. I'm more of the "site builder" type and I am making an effort to communicate at least that level, so excuse me if I over explain any of this.

1. Download Views Unrestricted Custom Field from https://www.drupal.org/project/vfcu/releases/1.0.0-beta2 → . Directly download the zip.
2. Unzip the vfcu=1.0.0-beta2.zip file, where ever you downloaded it to.
3. Open the info file (vfcu.info.yml) and change the core_version_requirement field to: core_version_requirement: ^8 || ^9 || ^10 || ^11, adding the ^10 and ^11.
4. Zip the file back up.
5. Go to your installation under Admin --> Extend and click "Add new module" and upload it and install it.
6. Go into your view and add a "Global: Custom text unrestricted" field and put the Fivestar Views tokens in the field. Viola!

My use case was making a custom and very dynamic teaser view that is rendered with a text field. Fivestar has to be in the view.

@tory-w: Thanks for bringing that module to my attention. I'll see if I can steal some ideas from that to allow the Fivestar field to circumvent the XSS filter imposed by core Views for this field.