Problem/Motivation

A feed title which contain special html characters, such as "&" is displayed as double escaped text. The feed title can be found in the feed-icon.html.twig and in the a link tag in the html head. See screenshots below.

Double escaped feed title
Double escaped feed title

Steps to reproduce

  • Create page view with feed.
  • Use the "&" character in the feed title.
  • Assign the feed to the page.
  • Notice the "&" feed title in the rendered feed link and head link.

Proposed resolution

Prevent double escaping.

Remaining tasks

To be determined.

User interface changes

No double escaped special characters.

API changes

To be determined.

Data model changes

To be determined.

Release notes snippet

To be determined.

CommentFileSizeAuthor
#13 views-rss-double-encoded.png43.27 KBcboyden
#4 3121971-double-escaped-feed-link.png12.92 KBsutharsan
screenshot.PNG3.5 KBtobiberlin

Issue fork drupal-3121971

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

  • 3121971-feed-title Comparecompare
About issue forks

Comments

tobiberlin created an issue. See original summary.

tobiberlin’s picture

tobiberlin
Primary language German
Location Berlin, Germany
commented
Title: feed-inco.html.twig with double escaped titles » feed-icon.html.twig with double escaped titles

Version: 8.8.x-dev » 8.9.x-dev

Drupal 8.8.7 was released on June 3, 2020 and is the final full bugfix release for the Drupal 8.8.x series. Drupal 8.8.x will not receive any further development aside from security fixes. Sites should prepare to update to Drupal 8.9.0 or Drupal 9.0.0 for ongoing support.

Bug reports should be targeted against the 8.9.x-dev branch from now on, and new development or disruptive changes should be targeted against the 9.1.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

sutharsan’s picture

sutharsan commented
Title: feed-icon.html.twig with double escaped titles » Feed title is double escaped
Version: 8.9.x-dev » 9.2.x-dev
Issue summary: View changes
StatusFileSize
new 3121971-double-escaped-feed-link.png12.92 KB
sutharsan’s picture

sutharsan commented
Status: Active » Needs review
Issue tags: +Needs tests

Needs a test.

Version: 9.2.x-dev » 9.3.x-dev

Drupal 9.1.10 (June 4, 2021) and Drupal 9.2.10 (November 24, 2021) were the last bugfix releases of those minor version series. Drupal 9 bug reports should be targeted for the 9.3.x-dev branch from now on, and new development or disruptive changes should be targeted for the 9.4.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.3.x-dev » 9.4.x-dev

Drupal 9.3.15 was released on June 1st, 2022 and is the final full bugfix release for the Drupal 9.3.x series. Drupal 9.3.x will not receive any further development aside from security fixes. Drupal 9 bug reports should be targeted for the 9.4.x-dev branch from now on, and new development or disruptive changes should be targeted for the 9.5.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

borisson_’s picture

borisson_
Primary language Dutch
Location Mechelen, 🇧🇪
commented
Status: Needs review » Active
Issue tags: +Bug Smash Initiative

This issue does not have a patch, so needs review is the wrong status. We should probably get a new test in as well.

Version: 9.4.x-dev » 9.5.x-dev

Drupal 9.4.9 was released on December 7, 2022 and is the final full bugfix release for the Drupal 9.4.x series. Drupal 9.4.x will not receive any further development aside from security fixes. Drupal 9 bug reports should be targeted for the 9.5.x-dev branch from now on, and new development or disruptive changes should be targeted for the 10.1.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.5.x-dev » 11.x-dev

Drupal core is moving towards using a “main” branch. As an interim step, a new 11.x branch has been opened, as Drupal.org infrastructure cannot currently fully support a branch named main. New developments and disruptive changes should now be targeted for the 11.x branch. For more information, see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

mstrelan’s picture

mstrelan commented

This was previously fixed in #1211668: Special characters are encoded twice for feed icon attribute title and we have \Drupal\Tests\system\Kernel\Common\AddFeedTest::testFeedIconEscaping testing for it. Is this not working correctly? Does this only affect feeds from views?

Version: 11.x-dev » main

Drupal core is now using the main branch as the primary development branch. New developments and disruptive changes should now be targeted to the main branch.

Read more in the announcement.

cboyden’s picture

cboyden commented
StatusFileSize
new views-rss-double-encoded.png43.27 KB

This is still affecting Views RSS displays when they are attached to a page or block.

To reproduce:

  1. Install the latest stable version of Drupal core (currently 11.3.3) using the standard profile with all the defaults. This will install the Olivero theme.
  2. Log in as an administrator.
  3. Create a taxonomy term in the Tags vocabulary with special characters in the title, such as "Site's things & Stuff".
  4. Create an Article and tag it with this term.
  5. View the home page. Note the home page includes a link to the term, and the apostrophe and ampersand are displayed correctly.
  6. Follow the link to the term.
  7. Note the RSS feed link at the bottom of the page has the apostrophe and ampersand double-encoded.
  8. Install the Stark theme and set it as the default.
  9. View the term page again.
  10. Note the RSS feed link at the bottom of the still page has the apostrophe and ampersand double-encoded.

Screenshot of term display with incorrectly encoded feed link:

Feed link double-encoded

The term name used as the title is being escaped in the core system template modules/system/templates/feed-icon.html.twig:

<a href="{{ url }}"{{ attributes.addClass('feed-icon') }}>
  {{ 'Subscribe to @title'|t({'@title': title}) }}
</a>

And it's probably also being escaped by Views.