By fersman4 on

Hi, my client would like the body of a node to contain a form, whose action is a URL with an ampersand in it. If you try this without any special tricks, the drupal entity checker will change it to &, which shows up in the page source and the form doesn't submit properly. I've tried all kinds of things to get it to work, including escaping the ampersand and setting the URL to a PHP variable and printing that variable out. Nothing I've tried works. Any thoughts?

Categories: Drupal 5.x

Comments

imrook’s picture

imrook commented

It looks like one of you filters is interfering. A quick way to check this is to simply change the input format to PHP. This prevents Drupal from doing any processing on the body at all. If you need to use a different input format for this node, you'll have to change the filter settings for the input format you are using.

fersman4’s picture

fersman4 commented

Amazing. I tried a bunch of complex stuff and your easy solution works without a problem. Any idea which input filter caused this to happen? I think it was initially set to "Full HTML", and I didn't have any special input filter modules installed.

Thanks for the help!

Eric

imrook’s picture

imrook commented

The function in filter.module that does the replacement of '&' with '&' is filter_xss which is called by the _filter_html function which is the function called for the HTML filter (not to be confused with the HTML input format.) In general the filters are good for keeping your content clean and safe, but when you're doing more advanced stuff like writing a custom form in a page, you'll probably want to use an input format that doesn't touch your data. The PHP format works because it doesn't mess with the text, but if you plan on doing a lot of "raw" HTML pages, you should probably make a new input format that uses no filters. This will prevent the possibility of PHP code getting executed on those pages.