Apostrophe returns '#039'

nsyll - August 21, 2006 - 16:05
Project: Drupal
Version: 4.7.3
Component: forms system
Category: bug report
Priority: normal
Assigned: Unassigned
Status: won't fix
Description

$form['category'] = array(
  '#type' => 'select',
  '#name' => $formname,
  '#id' => $formname,
  '#title' => '',
  '#default_value' => '',
  '#options' => $options,
  '#description' => '',
  '#multiple' => $multiple = FALSE,
  '#required' => $required = FALSE,
  '#attributes' => array('onChange' => "top.location.href=document.getElementById('$formname').options[document.getElementById('$formname').selectedIndex].value"),
);

return -->
<select name="" onChange="top.location.href=document.getElementById( #039; #039;).options[document.getElementById( ' ').selectedIndex].value" class="form-select" id="">

I also tried

'#attributes' => array('onChange' => "top.location.href=document.getElementById(\'$formname\').options[document.getElementById(\'$formname\').selectedIndex].value")

but nothing.

#1

hasiotis - August 23, 2006 - 14:11

I don't know if this is a Drupal 4.7-only issue, but I found that if you change the following in bootstrap.inc:

function check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES);
}

to

function check_plain($text) {
  return htmlspecialchars($text, ENT_COMPAT);
}

it works. But I don't even know if this is a bug or a feature ;-)

#2

nsyll - August 25, 2006 - 09:30
Priority: normal » critical

It works, but really, what is it? A bug or a feature?

#3

Heine - September 4, 2006 - 19:48
Priority: critical » normal

As far as I know, the generated javascript simply works. Is that what you allude to with

It works, but really, what is it?

If so it certainly isn't critical.

#4

beginner - September 8, 2006 - 07:47

This bug causes that other one: http://drupal.org/node/70742 (Problems with apostrophe in file name)

#5

yched - September 9, 2006 - 20:55

@beginner: This is in fact a separate issue.

#6

beginner - September 10, 2006 - 10:42

yched's patch http://drupal.org/node/83297 has been committed to HEAD.
Please test again this issue with HEAD.
(check the mentioned issue to see if it's been backported to 4.7)

#7

yched - September 10, 2006 - 12:44

The patch http://drupal.org/node/83297 only involved upload.module display, so there's no chance it affected this issue.

'#attributes' do get passed through check_plain (in function drupal_attributes). This is probably a good thing, but it messes with single quotes, which is problematic for JS code.

It does not seem like we can remove the ENT_QUOTES from check_plain either. There has been an attempt at it (http://drupal.org/node/29103), it even got committed, but Dries rolled it back for security concerns.

I guess adding such JS attributes is much easier now in 5.0 (new drupal_*_js functions, jQuery).
Maybe there's a workaround here too?

#8

Steven - September 10, 2006 - 21:03
Status: active » won't fix

HTML entities are semantically equivalent to the represented character (in those cases where the literal character has no special meaning). Embedded JavaScript code works just as well whether it is escaped or not.
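
The behaviour discussed in comments #1, #7 and #8, as an added example that is not part of the original thread or of Drupal's code: it parses the generated markup to compare what the handler looks like after entity decoding under ENT_QUOTES and ENT_COMPAT, and what each flag does to a value placed in a single-quoted attribute. escape_attr() and parsed_attributes() are hypothetical helpers, both sample values are constructed, and PHP's DOM extension is assumed.

```php
<?php
// Added illustration; escape_attr() and parsed_attributes() are hypothetical helpers.

// check_plain() as quoted in comment #1, with the quote flag made a parameter.
function escape_attr(string $text, int $flags): string {
  return htmlspecialchars($text, $flags, 'UTF-8');
}

// Parse a one-tag fragment with an HTML parser and return the attributes of
// the first $tag element as name => entity-decoded value.
function parsed_attributes(string $html, string $tag): array {
  $doc = new DOMDocument();
  $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
  $attrs = [];
  foreach ($doc->getElementsByTagName($tag)->item(0)->attributes as $attr) {
    $attrs[$attr->name] = $attr->value;
  }
  return $attrs;
}

$modes = ['ENT_QUOTES' => ENT_QUOTES, 'ENT_COMPAT' => ENT_COMPAT];

// Case 1 (constructed): the reporter's handler in a double-quoted attribute.
// The parser decodes entities before the script engine sees the attribute value.
$js = "top.location.href=document.getElementById('category').value";
foreach ($modes as $name => $flags) {
  $html = '<select onchange="' . escape_attr($js, $flags) . '"></select>';
  $seen = parsed_attributes($html, 'select')['onchange'];
  printf("%-10s %s\n           handler unchanged after parsing: %s\n",
    $name, $html, var_export($seen === $js, true));
}

// Case 2 (constructed): a value containing ' written into a single-quoted
// attribute. Listing the parsed attribute names shows whether the value
// stayed inside value='...' or terminated it and added an attribute.
$value = "x' data-injected='1";
foreach ($modes as $name => $flags) {
  $html = "<input value='" . escape_attr($value, $flags) . "'>";
  printf("%-10s %s\n           attributes parsed: %s\n",
    $name, $html, implode(', ', array_keys(parsed_attributes($html, 'input'))));
}
```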

 
 
