I have a text box that uses the Full HTML text format. I've checked the "Insert node" checkbox in the Full HTML text filter configuration page.

When the _node_make_replacements function gets the embed parameters, though, the ampersand between two parameters has been escaped as "&"

To get around this, I had to change the function:

$matches[2] = str_replace('&', '&', $matches[2]);
parse_str(trim(str_replace(' ', ' ', $matches[2])), $node->node_embed_parameters);

(I added the first line)

I think this would cause problems if any of the embed_parameters contained an HTML entity (like "&rquo;" or even "&" that isn't a parameter separator), but I'm not sure the best way to avoid it.

CommentFileSizeAuthor
#6 node_embed__decode_all_entities.patch539 bytesmichaelfavia

Comments

mrharolda’s picture

Priority: Normal » Major
Issue summary: View changes
mrharolda’s picture

Assigned: Unassigned » mrharolda
couloir007’s picture

I solved it by adding this to allow pipe delimited parameters.

if(preg_match('/|/', $matches[2])) {
  $matches[2] = str_replace('|', '&', $matches[2]);
}
sreynen’s picture

When I've seen this issue, it's another filter doing the escaping before the node embed filter runs, and the simplest solution is to change the filter order. It's complicated for node embed to handle this entirely internally because it could end up wrongly unescaping something that *should* be escaped, e.g. if you want to pass HTML entities in your query string. This may be a good reason to create a test suite for input and expected output. I'm not sure what the output should be for inputs like this, for example:

[node:1234 caption=B&W+photo+|+by+someone]
[node:1234 caption=B%26amp;W+photo+|+by+someone]
[node:1234 caption=B%26amp;W+photo+%7C+by+someone]

The proposals here will change that output from what it is currently, and there are likely sites already using node embed with input like that. Some change is unavoidable, but a test suite would help at least avoid unintentional changes.

couloir007’s picture

It is the full html CKEditor that is escaping it. I understand that. If I use full html no editor, it doesn't escape it. For me this would be fine, but I have people using it that require the editor. I'm sure there are better ways to solve this, but I have way too many things to do, and the solution I showed works. I put it in here for anyone else that has the same problem and needs a quick fix, not as a proposed solution for the module. With my solution you can use pipes with the CKEditor, and ampersands for no editor. I would think pipes are a better solution or some json style given the way ampersands are treated with escaping. The use of ampersands frequently seem to create headaches in my experience.

view_mode:node_embed, align:left seems like a good solution.

Thanks!
Sean

michaelfavia’s picture

StatusFileSize
new539 bytes

The problem is with the piecemeal htmlentity decoding on the "matches" variable int he processor. I have replaced the check for &nbsp with one to a full entity decoding. To get the instances where "filtered html" runs through the field first. While ideally we would prevent the filter module from escaping the ampersands or have it run after this filter in almost every use case neither is possible and this has no known sideffects.

Patch attached. Please test and RTBC if this solves it for you!

michaelfavia’s picture

Status: Active » Needs review