Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Hello,
Somehow I managed to find myself in a bit of a state, trying to find why the Title in a views result for the referenced node title was being displayed having not been fully escaped.
In particular, there was quite a major issue with titles containing apostrophes ending up with them showing up with ''s appearing all over the shop. The node itself was showing up fine and so I pinpointed it to some type of Views filtering shenanigens.
After poking around a bit, I seem to have managed to fix the problem - at least for the moment - as follows:
in views/handlers/views_handler_field.inc in function render_as_link() I altered the line
$value .= l($text, $path, $options);
to
$value .= l(preg_replace('/[\t\n\r\0\x0B]/', '', html_entity_decode(strip_tags($text), ENT_QUOTES)), $path, $options);
I wonder though what the repercussions of doing this are, in terms of susceptibility to XSS for example, if I'm blindly decoding entities on links?
-R
Comments
Comment #1
MustangGB CreditAttribution: MustangGB commented