Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Problem/Motivation
The html select list created by views_selective_filters seems to encode the ampersand (' & ') character in the select option label so it displays (' & '). The field's option value (as opposed to the viewable label) correctly contains the single ampersand (' & ') .
Steps to reproduce
Add a views_selective_filter for any field in which the text string contains an ampersand (' & ') character. The resulting html select options value contains the single ampersand (' & '), however the drop-down label is displayed as (' & ') .
Example of what I see:
<select ...>
<option value="INTERPRETATIONS & TECH ADVICE">INTERPRETATIONS & TECH ADVICE</option>
</select>
Is there a way to use the ampersand character in a field value and have it appear correctly in the filter drop-down list exposed to the end-user?
Issue fork views_selective_filters-3213298
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
changes
Comments
Comment #4
dhirendra.mishra commentedComment #5
pablovos commentedIn file src/Plugin/views/filter/Selective.php all HTML characters are escaped, converting various characters to HTML entities (see HTML::escape).
Current code:
$oids[$key] = Html::escape($value);I propose to output this as:
$oids[$key] = preg_replace('<|>', '', $value);Which leaves allowed characters intact.
Comment #7
joelpittetThis is interesting... we can maybe see what Drupal Core does for this in terms of options labels and values. We don't want to double escape things and also don't want to have an XSS attack vector
Comment #8
joelpittetI replaced the escape with a strip_tags() as we have that in D7 as well and it will do the trick better.
Fixed in 777c0f36dd5ecf2c57dbc739c3f8a1c14e59cc93