Some characters are being escaped in the snippet produced by the Google Analytics module that's causing JavaScript errors. E.g. if your snippet has a "&" in it, the output <script> tag will have it as &amp; so it breaks if statements that has an and (&&) operator.

This is due to #attachment values being run through Xss::filterAdmin() in HtmlTag::preRenderHtmlTag() class.

There's an issue in core to discuss how to improve this.

To reproduce the problem, simply put a alert("&"); in either in the "Code snippet (before)" or "Code snippet (after)" fields you'll see it will output &amp;

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

recidive created an issue. See original summary.

recidive’s picture

The attached patch adds a new class JavaScriptSnippet that implements MarkupInterface in order to bypass the Xss::filterAdmin() call.

Status: Needs review » Needs work

The last submitted patch, 3: Issue-2821815-by-hass-Add-test.patch, failed testing.

hass’s picture

  • hass committed bc1ffb3 on 8.x-2.x authored by recidive
    Issue #2821815 by recidive, hass: HTML escaping characters in snippet...
hass’s picture

Status: Needs review » Fixed

Many many thanks for your patch!

hass’s picture

Title: Escaping characters in snippet before and after » HTML escaping characters in snippet before and after

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

hass’s picture

hass’s picture

Status: Closed (fixed) » Needs review

Status: Needs review » Needs work

The last submitted patch, 10: Issue-2821815-by-mxh-How-to-add-JavaScript-to-htmlhe.patch, failed testing. View results
- codesniffer_fixes.patch Interdiff of automated coding standards fixes only.

hass’s picture

Status: Needs work » Needs review
FileSize
952 bytes
hass’s picture

Status: Needs review » Fixed

Stay with #5

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.