The filter freaks our when there is ">" in one of the attributes [#2856897]

When a user insert a text with a link and that link have the title attribute which contains ">" the filter freaks out. For eaxmple:

<a href='http://google.com' title='Foo >'>Google</a>

The text turns out to be:
<a href="http://google.com">'>dasdasd</a>

Which looks like
'>dasdasd

That comes from _wysiwyg_filter_xss_split which the REGEX pattern try to find where the html element breaks and thinks the ">" in the title attribute and then break the html tag.

Comment	File	Size	Author
#4	wysiwyg_filter-2856897-4-The-filter-freaks-our-when-there-is-in.patch	1.23 KB	geek-merlin
#4	7.x-1.x: PHP 5.3 & MySQL 5.5, D7.56 Composer require failure PHP 5.3 & MySQL 5.5, D7 No tests found

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

1 March 2017 at 09:03

RoySegall created an issue. See original summary.

Comment #2

geek-merlin

they/omg

German

Freiburg, Germany

CreditAttribution: geek-merlin at MachbarMacher commented 2 October 2017 at 19:57

Title:	The filter freaks our when there in an apostrophes in one of the attributes	» The filter freaks our when there is ">" in one of the attributes
Priority:	Normal	» Major
Issue summary:	View changes

Huh, this is an ugly consequency of the regexp-parsing of this module.

Yes, ">" is allowed.
https://stackoverflow.com/questions/94528/is-u003e-greater-than-sign-all...

IMHO it's this regexp line in wysiwyg_filter_filter_wysiwyg_process():

    <[^>]*(>|$)       # a string that starts with a <, up until the > or the end of the string

Comment #3

geek-merlin

they/omg

German

Freiburg, Germany

CreditAttribution: geek-merlin at MachbarMacher commented 2 October 2017 at 20:08

http://www.mkyong.com/regular-expressions/how-to-validate-html-tag-with-...

Comment #4

geek-merlin

they/omg

German

Freiburg, Germany

CreditAttribution: geek-merlin at MachbarMacher commented 2 October 2017 at 20:11

Status:

Active

» Needs review

File	Size
wysiwyg_filter-2856897-4-The-filter-freaks-our-when-there-is-in.patch	1.23 KB
7.x-1.x: PHP 5.3 & MySQL 5.5, D7.56 Composer require failure PHP 5.3 & MySQL 5.5, D7 No tests found

This should do it. Please test.

Comment #5

2 October 2017 at 20:17

Status:

Needs review

» Needs work

The last submitted patch, 4: wysiwyg_filter-2856897-4-The-filter-freaks-our-when-there-is-in.patch, failed testing. View results

Comment #6

geek-merlin

they/omg

German

Freiburg, Germany

CreditAttribution: geek-merlin at MachbarMacher commented 3 October 2017 at 18:35

Status:

Needs work

» Needs review

Drupal infra bug...

Comment #7

4 October 2017 at 23:51

axel.rutz committed edf3172 on 7.x-1.x

Issue #2856897: The filter freaks our when there is ">" in one of the...

Comment #8

geek-merlin

they/omg

German

Freiburg, Germany

CreditAttribution: geek-merlin at MachbarMacher commented 6 October 2017 at 23:35

Status:

Needs review

» Fixed

Comment #9

20 October 2017 at 23:39

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

The filter freaks our when there is ">" in one of the attributes

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Comment #7

Comment #8

Comment #9

Thank you to these Drupal contributors

News items

Our community

Documentation

Drupal code base

Governance of community