Quotation marks in description are not encoded when inserted, which leads to premature closing of attributes and insertion of extra attributes.
For example if my description is:
"quotation marks" cause problems
What gets inserted is:
<a cause="" href="filename" quotation="" title="">"quotation marks" cause problems</a>
I have solved the problem locally by editing insert.js to change the line:
var fieldValue = $(settings.fields[fieldName], wrapper).val();
to:
var fieldValue = $(settings.fields[fieldName], wrapper).val().replace(/"/g, '"');
...but I'm not sure if that's a complete or the best solution, or if it might cause problems elsewhere.
Comment | File | Size | Author |
---|---|---|---|
#4 | insert_encode.patch | 715 bytes | quicksketch |
Comments
Comment #1
kpaxman CreditAttribution: kpaxman commentedFurther testing has revealed that angle brackets don't get encoded either...well, nothing gets encoded by default but angle brackets are a problem because they look like HTML to browsers.
I updated the replacement line to:
...which I think gets all the likely problem-causers.
Comment #2
quicksketchThanks for the report @kpaxman! I'm busy with a lot of other projects at the moment so it may be a while before I can review this solution.
Comment #3
kpaxman CreditAttribution: kpaxman commentedAnother update, anyway...the replace shouldn't happen at that point because fieldValue might be empty. it should instead be inside the if statement.
So:
...and then the existing code.
Comment #4
quicksketchThanks, I've committed this patch to both branches.