If you visit a D8 site as an authenticated user and add a query string parameter which includes a quotation mark, then a JavaScript error will be thrown.

E.g. go to /search?keywords=it's

Uncaught DOMException: Failed to execute 'querySelectorAll' on 'Document': '[data-drupal-link-system-path="search"]:not([hreflang])[data-drupal-link-query='{"keywords":"it's"}'],[data-drupal-link-system-path="search"][hreflang="en"][data-drupal-link-query='{"keywords":"it's"}']' is not a valid selector.

This does not effect anonymous users as the core/drupal.active-link library is only attached if the current user is authenticated.

Members fund testing for the Drupal project. Drupal Association Learn more


keeganstreet created an issue. See original summary.

keeganstreet’s picture

This patch escapes single quote characters before passing the string on to be used as input for querySelectorAll.

keeganstreet’s picture

Patch for 8.4.x with ES6.

keeganstreet’s picture

Previous patch throws error if drupalSettings.path.currentQuery is undefined. This is a new patch for 8.3.x.

keeganstreet’s picture

Previous 8.4.x patch throws error if drupalSettings.path.currentQuery is undefined. This is a new patch for 8.4.x.

cilefen’s picture

Version: 8.3.x-dev » 8.5.x-dev
Status: Active » Needs review

Hi: we do not expect any more 8.3.x commits except possibly of critical issues.

Status: Needs review » Needs work

The last submitted patch, 5: active_link_js_throws-2902769-5.patch, failed testing. View results

keeganstreet’s picture

keeganstreet’s picture

That's fine @cilefen, active_link_js_throws-2902769-5.patch applies on 8.4.x and 8.5.x.

keeganstreet’s picture

cilefen’s picture

Status: Needs work » Needs review
droplet’s picture

Status: Needs review » Needs work
Issue tags: +JavaScript, +Needs JS testing

This is a quick fix to mute the error report but will not match the correct query string

The active link contains a bug. Any query string contains `'` or `\` [..more] doesn't match already..



the ordering affected the matching also. However, `node?a=1&b=2` and `node?b=2&a=1` is the same URL in W3C spec, right? (Drupal will give the same result I think)

Also, the [data-drupal-link-query] printed from PHP, we should keep the escape same way. It should not JSON IMO.

Wim Leers’s picture

This definitely needs JS test coverage.

And we need to keep it in sync with the PHP logic.

Version: 8.5.x-dev » 8.6.x-dev

Drupal 8.5.0-alpha1 will be released the week of January 17, 2018, which means new developments and disruptive changes should now be targeted against the 8.6.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.