Problem/Motivation

I am using custom tokens created using hook_token_info and hook_token to pass default values into text fields on a Webform (contact) form. When the content in the token contains a single quote it will be displayed as the corresponding HTML code '

See the bottom text field in the attached image for an example.

I have tested this issue only for the text field and not with the other elements that can accept a textual default value.
Other special characters don't seem to be displayed as HTML code.

Correction: The single and double quote characters show the same behaviour, appearing as HTML code.

Steps to reproduce

I have created a small test module that provides a static text with a single quote in a token named [webform_token_test:display_name].

  1. Install the attached "webtoken_test_module" and enable it.
  2. After enabling of the module the Webform Token UI should show a category "Webform tokens (test)" in the UI for "Browse available tokens.".
  3. Create a webform with a text field and insert the token [webform_token_test:display_name] as default value.
  4. View the webform

Proposed resolution

Create a patch so that single quotes can be properly displayed.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

geroldk created an issue. See original summary.

jrockowitz’s picture

Do double quotes have the same problem?

jrockowitz’s picture

What is the token value that you are using?

geroldk’s picture

Double quotes have the same issue, appearing as " .

I am using my own tokens. The value of the token as shown in the image is Catzi's profile display name, with the single quote correct. I have verified this in the module where I generate the tokens.

geroldk’s picture

Issue summary: View changes

Update issue summary.

jrockowitz’s picture

I need to know what type of token you are using.

Here is an example of what I am looking for [current-user:field_name]

geroldk’s picture

Issue summary: View changes
FileSize
9.33 KB
geroldk’s picture

Updated the issue summary with steps to reproduce. Attached test module to #7. This module can be used to reproduce the issue.

jrockowitz’s picture

Status: Active » Needs review

Any token value with HTML is escaped unless hook_tokens explicitly returns Markup.

From: Token::replace

  ...
  // Escape the tokens, unless they are explicitly markup.
  foreach ($replacements as $token => $value) {
    $replacements[$token] = $value instanceof MarkupInterface ? $value : new HtmlEscapedText($value);
  }
  ...

In your code, you would need to change...

$replacements[$original] = "Gerold's token test - single quotes";

...to...

$replacements[$original] = \Drupal\Core\Render\Markup::create("Gerold's token test - single quotes");

I did not know about this issue so it possible that Webform tokens may have the same problem.

geroldk’s picture

Status: Needs review » Reviewed & tested by the community

@jrockowitz Your suggestion #9 to use \Drupal\Core\Render\Markup::create() works fine for me. Thanks for providing this solution and the explanation.

jrockowitz’s picture

Status: Reviewed & tested by the community » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

deepak_123’s picture

The exact same thing happens in D7 webform 7.x-4.12 too. I don't see any custom hook for tokens in my codebase. Any suggestions?

jrockowitz’s picture

You should create a new ticket for the D7 version.

Please make sure to search for any existing issues. https://www.drupal.org/project/issues/webform?text=token+html