Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
If i create a cookie category title or description that contains an apostrophe character, it's saved and rendered fine but as soon a i reopen the category configuration form, the apostrophe is replance by it's utf8 value (') and rendered escaped.
Steps to reproduce
Create a category with an apostrophe char in title and description
eg.
title:I'm a category
description: i'm a category description
Save it and reopen it and values will be replaced by :
title: I'm a category
description: i'm a category description
tested on 7.x-1.36
Comments
Comment #2
ericdsd CreditAttribution: ericdsd commentedComment #3
ericdsd CreditAttribution: ericdsd commentedComment #4
ericdsd CreditAttribution: ericdsd commentedHere is a patch against 7.x-1.36, it removes unneeded checkplain from form default values
Comment #5
svenryen CreditAttribution: svenryen at Ramsalt Lab commentedThanks for your patch, will try to take a look in the next couple of weeks.
Comment #6
svenryen CreditAttribution: svenryen at Ramsalt Lab commentedComment #7
svenryen CreditAttribution: svenryen at Ramsalt Lab commented@ericdsd Thanks for catching this issue.
However, I don't think we can remove
check_plain
from the code, since that could open a security hole.As an alternative can we try using
filter_xss
?Would be great if you could apply the attached patch and RTBC this issue.
Comment #8
ericdsd CreditAttribution: ericdsd commentedHi @svenryen i've tested the patch #7, it works like a charm.
Switched to RTBC.
Comment #10
svenryen CreditAttribution: svenryen at Ramsalt Lab commentedThanks!