Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By James Harvard on
(I'm fairly new to Drupal and, though an experienced web developer, fairly new to PHP too, so I thought I would get some second opinions here before entering a bug report about this.)
Drupal's l() function uses (via Drupal's check_plain()) PHP's htmlspecialchars() function to encode link text. This means that characters that should be HTML encoded (such as an ellipsis which should be encoded as …) are not encoded, thus breaking HTML validation.
As l() has a parameter for 'link text is HTML', then surely any other link text should be fully HTML encoded using htmlentities().
I was going to enter a bug report about this, but as I'm fairly new to Drupal and, though an experienced web developer, fairly new to PHP too I thought I would just check first here in case I was missing a specific reason for l() working this way.
Thanks, James Harvard
