Image is not displaying because final code ends up placing the image source location within single quote instead of double quote:

<img src='/sites/all/modules/languageicons/flags/en.png' class="language-icon" alt="English" width="16" height="12" />

when this would work:

<img src="/sites/all/modules/languageicons/flags/en.png" class="language-icon" alt="English" width="16" height="12" />

How can I change this?

screenshot shows that browser is rendering the whole code as text instead.

CommentFileSizeAuthor
Picture 2.png25.86 KBsoj

Comments

Freso’s picture

Title: img src='xxx' instead of img src="xxx" » <img> tag being escaped
Category: bug » support
Status: Active » Postponed (maintainer needs more info)

The HTML specification allows using pairs of single and double quotes interchangeably, so this is not the problem. Even if it was, this would not cause the browser to show the HTML instead of the "alt" text (or nothing). It is more likely that somewhere on your website, the img tag is being read through a HTML escaper, ie. changing e.g. "<" to "&lt;". To be able to help you further, it would be helpful if you would tell more about your setup. What modules (and versions of these) do you have installed? Theme? What customisations have you done? Anything else that might be of interest?

japanitrat’s picture

subscribe

( D6.9 / language_icons 1.0 / i18n 1.0 )

Miteto’s picture

I had that issue when building a Zen based subtheme. That was caused by a function (which I borrowed from the forums) implementing the "sliding doors" technique over the primary links.

function phptemplate_links($primary_links, $attributes = array('class' => 'links')) {
  $output = '';

  if (count($primary_links) > 0) {
    $output = '<ul'. drupal_attributes($attributes) .'>';

    $num_links = count($primary_links);
    $i = 1;

    foreach ($primary_links as $key => $link) {
      $class = $key;

      // Add first, last and active classes to the list of links to help out themers.
      if ($i == 1) {
        $class .= ' first';
      }
      if ($i == $num_links) {
        $class .= ' last';
      }
      if (isset($link['href']) && $link['href'] == $_GET['q']) {
        $class .= ' active';
      }
      $output .= '<li class="'. $class .'">';

      if (isset($link['href'])) {
        // Pass in $link as $options, they share the same keys.
        $link['html'] = TRUE;
        $output .= l('<span>'. check_plain($link['title']) .'</span>', $link['href'], $link);
      }
      else if (!empty($link['title'])) {
        // Some links are actually not links, but we wrap these in <span> for adding title and class attributes
        if (empty($link['html'])) {
          $link['title'] = check_plain($link['title']);
        }
        $span_attributes = '';
        if (isset($link['attributes'])) {
          $span_attributes = drupal_attributes($link['attributes']);
        }
        $output .= '<span'. $span_attributes .'>'. $link['title'] .'</span>';
      }

      $i++;
      $output .= "</li>\n";
    }

    $output .= '</ul>';
  }

  return $output;
}

The culprit was the line

  ...
  $output .= l('<span>'. check_plain($link['title']) .'</span>', $link['href'], $link);
  ...

Instead I used decode_entities to wrap "check_plain".

  ...
  $output .= l('<span>'. decode_entities(check_plain($link['title'])) .'</span>', $link['href'], $link);
  ...

Hope this helps.

Freso’s picture

Status: Postponed (maintainer needs more info) » Fixed

Marking this as fixed. Feel free to reopen if this doesn't help and you have more information.

Just out of curiousity though, why not simply remove the check_plain() instead of adding a call to decode_entities()? As far as I can tell, they do the exact opposite of each other and thus cancels the other one out.

dman’s picture

I believe in both cases above, you need to add 'html'=>TRUE to the link attributes. the l() function escapes html internally unless you tell it otherwise.

Freso’s picture

@dman: This was already being passed. See the line above the l() call: $link['html'] = TRUE;

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Anonymous’s picture

This problem apeared to me also...

I installed this module and it was all ok for a while. Then I flushed all cache with admin module and it started output that. I am making an effort to understand what have I done during that half an hour but i don't remember nothing...
Now, has this issue been more studied?

svergeylen’s picture

I solve this in Zen whit removing the chack_plain in the file template.php that I had copied into my sub-theme. It works now.

You have to remove the check_plain(...) where you find the rendering of the links for your theme. For me, it was in themes/mytheme/template.php in this function :

/**
 * OVERRIDE THEME LINKS pour modifier le HTML des liens primaires (-->tabs ! :-) ) Stéphane
 *
 * @param $links
 *   A keyed array of links to be themed.
 * @param $attributes
 *   A keyed array of attributes
 * @return
 *   A string containing an unordered list of links.
 */
function planete_sdw_links($links, $attributes = array('class' => 'links')) {
...
//	$link['title'] = '<span class="tab">' . check_plain($link['title']) . '</span>';
//becomes :
	$link['title'] = '<span class="tab">' . $link['title'] . '</span>';
...
}

and it works...

++
Stéphane

jeeba’s picture

Sorry for resurrecting this zombie post but does removing check_plain this decrease the security on this module? Just wondering, i mean, this is not user created stuff, but maybe in some cases this could be dangerous, anyone agree or disagree?

dman’s picture

No security implications.
The img tag that is being inserted in the first place is entirely code-generated. Not from user input.
check_plain security worries is for text/html that may not have been sanitized since a user entered it.
This is entirely code and within the control of the module. Or theme

jeeba’s picture

Thanks dman, so this is a problem of the theme being chosen, so far Zen and AdaptiveTheme have this problems. I just look for the string check_plain() like in #9 (be carefully to delete only the correct one) in the themes templates, Netbeans seem to do it pretty well, maybe this can help someone else.