Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.SmartBreadcrumb Node adds a htmlspecialchars around the $node->title but this has already been done earlier in the chain causing & to really become &.
| Comment | File | Size | Author |
|---|---|---|---|
| #5 | smart_breadcrumb_double_escape.patch | 437 bytes | tstackhouse |
| #1 | smart_breadcrumb_node-1310106-0.patch | 498 bytes | andrew m riley |
Comments
Comment #1
andrew m riley commentedI wrote a patch about it. Like to see it? Well here it is.
To reproduce this problem:
1) disable the smart_breadcrumb_menu module
2) Create a node with "Test & blah" as the title
3) Create a child node (make the url be a child of the node in #2)
4) Navigate to the node created in #3.
Comment #2
divThis commentedI've applied the above patch with no issues. Patch is included in version 6.x-1.2.
Comment #3
divThis commentedComment #4
tstackhouse commentedI'm experiencing this behaviour in 1.3, using the exact circumstances described in #1.
Comment #5
tstackhouse commentedI figured out where this is happening, the issue stems from line 315 in menu_breadcrumb.inc in set_crumb()
$crumb = l($title['title'], $title['path'], $link_options);
l() runs the text through check_plain() which calls htmlspecialchars(). By this point, the '&' is already escaped and gets escaped again.
In addition, on line 95 in filter_titles() check_plain is called again:
$titles[$module]['title'] = check_plain($titles[$module]['title']);
I've attached a patch that should address this.
Comment #6
petermallett commentedI've applied the above patch and included in version 6.x-1.4.