Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Problem/Motivation
In the JSON Feed v1 spec, it states in the entry for content_html:
Important: the only place HTML is allowed in this format is in content_html.
However, a Drupal user could configure a view (either intentionally or unintentionally) to output HTML for other fields like title.
Proposed resolution
We can either validate this at view configuration time or strip HTML for the appropriate fields at render time. I am leaning towards the latter.
| Comment | File | Size | Author |
|---|---|---|---|
| #8 | attributes_that_should-2885052-8.patch | 8.01 KB | markdorison |
| |||
| #6 | attributes_that_should-2885052-6.patch | 8.03 KB | markdorison |
| |||
| #4 | no_html_attributes-2885052-4.patch | 2.65 KB | KarlShea |
Comments
Comment #2
markdorisonComment #3
KarlSheaI agree, I think the less configuration/knowledge someone needs to have about the spec the better.
Comment #4
KarlSheaI'm not sure which direction to go here. I don't like using
check_markup(), because that just escapes HTML and I don't think that's what anyone would want. The patch usesstrip_tags(), which works, but maybeMailFormatHelper::htmlToTextwould be better? The problem with that is it looks like it does way more that's mail-specific than would be desired here.Comment #5
markdorisonComment #6
markdorison@KarlShea I am thinking 'strip_tags' is the best approach.
There are a number of ways to approach this but here is one.
Comment #7
markdorisonNeeds re-roll.
Comment #8
markdorisonComment #10
KarlSheaLooks good