Problem/Motivation

After updating to 7.x-1.0-alpha9 from 7.x-1.0-alpha8 the
we used in the titles to have a new line started being sanitized, i.e., it displays
instead of breaking the line.

This seems a consequence of the security fix, namely the introduction of check_plain in link.module:766.

I understand that this behaviour could be changed by setting $options['sanitize'] to false, however when using panels I cannot find anywhere to easily do this.

Example call trace when problem occurs:
example call trace

Proposed resolution

I am not sure how/if this can be resolved but as work around I am using filter_xss($item, ['br']) instead of check_plain. Also considered filter_xss_admin.

Any ideas are welcome. Thanks in advance.

CommentFileSizeAuthor
call_trace.png36.53 KBvieira
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

vieira created an issue. See original summary.

vieira’s picture

vieira CreditAttribution: vieira commented

8119fa2 seems to fix the issue but all the title fields that previously worked fine as full_html must now be converted to some other format that does not have autop in the set of filters that check_markup executes.

plach’s picture

plach
he/him
Primary language Italian
Location Venezia
CreditAttribution: plach as a volunteer commented
Category: Bug report » Support request
Status: Active » Needs review

You could install the -dev version and change the "Text processing" option in the Title field from "Plain text" to "Filtered text (user selects text format)".

pifagor’s picture

pifagor
Location 🇺🇦 Rivne
CreditAttribution: pifagor as a volunteer and at Drupal Ukraine Community, GOLEMS GABB for Drupal Ukraine Community, GOLEMS GABB commented
Status: Needs review » Fixed
pifagor’s picture

pifagor
Location 🇺🇦 Rivne
CreditAttribution: pifagor as a volunteer and at Drupal Ukraine Community, GOLEMS GABB for Drupal Ukraine Community, GOLEMS GABB commented
Status: Fixed » Closed (fixed)