Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hi there,
I'm trying to add help text to a field with a link in it. Path for the link needs to be created from tokens, but tokens get filtered out from href attribute by filter_xss_admin() before they have chance to be replaced.
So something like this in help text:
Click <a href="[site:og-context--node:url]/will-options/create" target="_blank">here</a>
Comes into token_field_widget_form_alter() in following state:
Click <a href="url]/will-options/create" target="_blank">here</a>
Patch with suggested fix is attached
Comment | File | Size | Author |
---|---|---|---|
#5 | token-1938672-5.patch | 567 bytes | Dane Powell |
token_filtered_descriptions.patch | 770 bytes | tatyana | |
Comments
Comment #1
walidvb CreditAttribution: walidvb commentedI have a similar problem:
Help text is
<a href="[site:url]admin/config/content/facebook_album_fetcher/album_list">here</a>
turns into
<a href="http://mysite.com<em>/node/addurl]admin/config/content/facebook_album_fetcher/album_list">here</a>
Comment #2
hoangdk80 CreditAttribution: hoangdk80 commentedsame here
have tried to use the token outside of the link href attribute but it's broken as well:
This is the homepage: [site:url]
turns into
This is the homepage: [site:url]
Token doesn't seem to be interpreted at all. Any ideas ?
Comment #3
Dave ReidComment #5
Dane Powell CreditAttribution: Dane Powell commentedSame patch as in #1, just re-rolled. It works for me.
Comment #7
Dave ReidCommitted to 7.x-1.x. Sorry I forgot to assign Git attribution. :/
Comment #9
cussack CreditAttribution: cussack commentedThe supplied patch does not fix the actual issue. It is an ugly workaround that basically disables all alterations coming before this one in the alteration chain, which causes more problems than it solves (see #2474403: Translation of field description overwritten for example, #1796024: Tokens in field help text do not work for files, images, text fields possibly as well).
I would love to see this patch reverted and the issue being fixed more cleanly in another place, most likely by sanitizing strings after alteration in the field module or by adding another alter function later in the chain. The bug is actually caused by premature string sanitizing.
Thoughts?