Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
When using apostrophe in a taxonomy it is displayed as '
in the html-tittle of the page
The problem could be fixed by disabling the module "Metatag: Views" or updating the metatag.inc accordingly:
replacing the check_plain() by filter_xss()
class DrupalTitleMetaTag extends DrupalTextMetaTag {
public function getElement(array $options = array()) {
$element = array();
$value = filter_xss($this->getValue($options));
$element['#attached']['metatag_set_preprocess_variable'][] = array('html', 'head_title', $value);
$element['#attached']['metatag_set_preprocess_variable'][] = array('html', 'head_array', array('title' => $value));
return $element;
}
}
Comment | File | Size | Author |
---|---|---|---|
#14 | metatag-n2180031-14.patch | 1.99 KB | DamienMcKenna |
Comments
Comment #1
gvancout CreditAttribution: gvancout commentedComment #2
gvancout CreditAttribution: gvancout commentedComment #3
DamienMcKennaComment #4
haysuess CreditAttribution: haysuess commentedThis fixed the tag for me, but not in og:title, og:description, or the meta description.
Any word on that?
Comment #5
DamienMcKennaAll occurrences of check_plain() in metatag.inc would have to be replaced with filter_xss().
Comment #6
haysuess CreditAttribution: haysuess commentedI replaced the 2 occurrences of check_plain with filter_xss, cleared my caches, and viewed my source code and there are still & # 0 3 9 ; in place of apostrophes in og:title, meta description, and og:description.
Any ideas?
Comment #7
DamienMcKennaThis is honestly ok -
'
is a HTML entity which should be interpreted correctly by any OG processor, e.g. Facebook, LinkedIn, etc. Remember that HTML code is meant for computers to read, not people ;-)Comment #8
pedrorocha CreditAttribution: pedrorocha commentedThis is really not ok for visitors who see "'" in the browser tab title. If the main browser(Google Chrome) in the market doesn't recognize this approach, should it be revisited, right?
Comment #9
pedrorocha CreditAttribution: pedrorocha commentedI fixed by applying the following on html.tpl.php
Comment #10
DamienMcKennaI wasn't able to reproduce this with the current -dev release. I added an ampersand to a node's title, and using the [node:title] token it is output as an ampersand for the title and as the HTML entity in other meta tag values.
What tokens are you using? Is there a difference between the HTML shown for the title tag versus e.g. og:title, which should be using the same token?
Comment #11
rudiedirkx CreditAttribution: rudiedirkx commentedI have the opposite problem. head_title isn't html encoded, so it says
which is wrong, because
&
should be encoded to&
, like Drupal core does correctly.It definitely should not strip tags or filter XSS, becauseDrupal apparently does it too,"My <strong> page title"
is a perfectly valid title and the<
and>
belong there.strip_tags()
, so we'll assume that's correct.I think values should always be html encoded and that's it. Not stripped or filtered. Reality is probably more complex.
(Was wrong in 1.4 and still wrong in 1.5+dev a59eb98.)
Comment #12
rudiedirkx CreditAttribution: rudiedirkx commentedDefinitely a bug somewhere. Too little encoding in my case.
Comment #13
rudiedirkx CreditAttribution: rudiedirkx commentedI can fix it like this, but that shouldn't be necessary:
I don't understand how someone could have double encoded values, when I have 0 encoded values...
Comment #14
DamienMcKennaI was able to track this down - the problem isn't strings coming through from the {metatag} table, it's values being passed through from tokens. And, of course, the tests weren't covering that scenario. This should fix the problem.
Comment #16
DamienMcKennaCommitted!