views_handler_filter::prepare_filter_select_options() incorrectly converts HTML to plaintext [#1793236]

views_handler_filter::prepare_filter_select_options() tries to convert HTML to plain-text for displaying select options. It does this in a completely bogus way:

strip_tags(decode_entities($label));

This will convert a<b into a, because the < entity is decoded before stripping the tags.

The correct way would be:

decode_entities(strip_tags($label));

But I suggest this instead, which more closely keep the intend of the markup:

trim(str_replace("\n", " ", drupal_html_to_text($value)));

Comment	File	Size	Author
#8	views-html2plaintext-1793236-08.patch	535 bytes	David Castella
#8	7.x-3.x: PHP 5.3 & MySQL 5.5 216 pass PHP 5.4 & MySQL 5.5 216 pass PHP 5.5 & MySQL 5.5 216 pass PHP 5.6 & MySQL 5.5 216 pass
#5	views-html2plaintext-1793236-05.patch	535 bytes	mpdonadio
#5

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

dawehner

German

CreditAttribution: dawehner commented 24 September 2012 at 12:19

Assigned:

Unassigned

» dawehner

Link to the original issue: #1413750: escaped html element in html select element of exposed filter the actual patch had the right way to to it, but i just suggested to do it the wrong way :(

Comment #2

Shevchuk CreditAttribution: Shevchuk commented 23 April 2013 at 08:31

Any news on this issue?

Comment #3

dawehner

German

CreditAttribution: dawehner commented 23 April 2013 at 17:57

Sorry, please don't post such pointless comments. It annoys everyone. If there is an update, there is a comment.

Comment #4

capellic

he/him/his

Austin, Texas

CreditAttribution: capellic commented 21 February 2014 at 17:43

Issue summary:

View changes

I added this to a JS file in a module I created for various admin overrides. No, not the ultimate solution.

(function ($) {
  Drupal.behaviors.correct_ampersand = {
    attach: function(context, settings) {
      /** Change &amp; back to & in select options **/
      $('select option').each(function() {
        var text = $(this).text();
        if (text.indexOf('&amp;') >= 0) {
          text = text.replace("&amp;", "&");          
        }
        $(this).text(text);     
      });
    }
  }
})
(jQuery);

Comment #5

mpdonadio

he/him

English

Philadelphia/PA/USA (UTC-5)

CreditAttribution: mpdonadio commented 21 March 2014 at 17:44

Status:

Active

» Needs review

File	Size
views-html2plaintext-1793236-05.patch	535 bytes

This issue was linked from another one I was following (https://drupal.org/comment/7082854#comment-7082854). Here is a quick patch with Damien's suggestion. It works for me, but I was having trouble coming up with a good case to check against.

Comment #6

brahimmouhamou CreditAttribution: brahimmouhamou commented 6 October 2014 at 14:37

Also views_plugin_exposed_form:exposed_form_alter executes a check_plain() to convert special characters to HTML entities which leads to problems when use quotes or ampersands.

foreach ($this->view->sort as $id => $handler) {
      if ($handler->can_expose() && $handler->is_exposed()) {
        $exposed_sorts[$id] = check_plain($handler->options['expose']['label']);
      }
    }

Comment #7

18 August 2015 at 02:28

mpdonadio queued 5: views-html2plaintext-1793236-05.patch for re-testing.

Comment #8

David Castella CreditAttribution: David Castella commented 27 October 2015 at 16:33

File	Size
views-html2plaintext-1793236-08.patch	535 bytes
7.x-3.x: PHP 5.3 & MySQL 5.5 216 pass PHP 5.4 & MySQL 5.5 216 pass PHP 5.5 & MySQL 5.5 216 pass PHP 5.6 & MySQL 5.5 216 pass