I've just noted that form_clean_id() doesn't remove slashes, which are not allowed for IDs.

quote of the w3c xhtml 1.0 Recommendation:
Note that the collection of legal values in XML 1.0 Section 2.3, production 5 is much larger than that permitted to be used in the ID and NAME types defined in HTML 4. When defining fragment identifiers to be backward-compatible, only strings matching the pattern [A-Za-z][A-Za-z0-9:_.-]* should be used. See Section 6.2 of [HTML4] for more information.

The attached patch improves form_clean_id to follow this recommendation, except for the first character which isn't forced to be [A-Za-z].

CommentFileSizeAuthor
#11 form_clean_id.patch498 bytesliam morland
#4 form.inc-189792-4.patch765 bytesdarren oh
#2 drupal_clean_id2.patch642 bytesfago
drupal_clean_id.patch625 bytesfago

Comments

JirkaRybka’s picture

JirkaRybka commented

Seems to me the brackets '][' will now produce two hyphens instead of one. That might be a problem (?)

fago’s picture

fago
Primary language German
Location Vienna
commented
StatusFileSize
new drupal_clean_id2.patch642 bytes

ops, of course this would be a problem, thanks! Attached is an updated patch, which handles this case too.

ducdebreme’s picture

ducdebreme commented

How is the status of this patch? Why not including into the core HEAD?
It sound to be a good idea to have a positive filter on the ids...
Thanks
Stefan

darren oh’s picture

darren oh
Primary language English
Location Lakeland, Florida
commented
Version: 7.x-dev » 6.x-dev
StatusFileSize
new form.inc-189792-4.patch765 bytes

Updated to allow the process to be reversed if necessary.

darren oh’s picture

darren oh
Primary language English
Location Lakeland, Florida
commented
Version: 6.x-dev » 7.x-dev

Version: 6.x-dev » 7.x-dev
Status: Needs review » Needs work

The last submitted patch failed testing.

liam morland’s picture

liam morland
Primary language English
Location Ontario, CA 🇨🇦
commented
Status: Needs work » Needs review

What is wrong with the original patch?

If multiple hyphens in a row is a problem, then add '/--+/' as a pattern to replace with '-'.

Any reason why this fix can't also be made in D6?

darren oh’s picture

darren oh
Primary language English
Location Lakeland, Florida
commented

The problem with the original patch is that it doesn't handle all invalid characters. The Drupal 6 maintainers do not accept fixes that have not first been made in Drupal 7.

liam morland’s picture

liam morland
Primary language English
Location Ontario, CA 🇨🇦
commented

This code, from the patch, replaces with a hyphen all characters that are not valid in id attributes: $id = preg_replace('/[^A-Za-z0-9:.-]/', '-', $id);.

It also removes underscore, which it doesn't have to, but which is currently removed.

The only thing it doesn't do is guaranty that the first character is a letter, but that is probably not needed since strings coming through this function start with "edit-" or similar anyway.

darren oh’s picture

darren oh
Primary language English
Location Lakeland, Florida
commented

Sorry, I forgot. The only change in my patch was to make the process reversible. However, mine needs more work.

liam morland’s picture

liam morland
Primary language English
Location Ontario, CA 🇨🇦
commented
StatusFileSize
new form_clean_id.patch498 bytes

Attached is the original patch, rerolled against D7. If it is not desirable to generate multiple hyphens in a row, a minor change to the regex will fix that.

Status: Needs review » Needs work

The last submitted patch failed testing.

liam morland’s picture

liam morland
Primary language English
Location Ontario, CA 🇨🇦
commented
Status: Needs work » Closed (duplicate)

This fix is being done as part of #464862: Add drupal_css_class() to clean class names and rename form_clean_id