Description

When adding a link by pasting the full url into the search field, the result will be double encoded if the subject contains quotes or other related characters.

Steps to repoduce

create a new article, make the title something like "this is a title with quotes"

  • create a new article, make the title something like "this is a title with quotes"
  • create another article, and now try adding the previous article into a linkit field
  • the autocomplete widget will display the quotation marks as `"`
  • and the final rendered result of the markdown will also be displayed as `"this is a title with quotes&quot`

Situatie before:

Situatie after:

CommentFileSizeAuthor
#11 linkit-fields_title_double_encoded-2980959-11.patch2.6 KBanon
#10 linkit-fields_title_double_encoded-2980959-10.patch1.88 KBgranholm
#9 Redigera Artikel test test | svenska.yle_.fi 2018-08-08 12-31-36.png22.32 KBgranholm
#7 2980959-double-encoded-after.gif192.43 KBidebr
#6 linkit-fields_title_double_encoded-2980959-6.patch1.47 KBidebr
#6 2980959-double-encoded-before.gif187.26 KBidebr
#4 2980959-double-encoded-before.gif164.73 KBidebr
#2 Qoute-ok.png48.87 KBishani.addweb

Comments

granholm created an issue. See original summary.

ishani.addweb’s picture

ishani.addweb commented
StatusFileSize
new Qoute-ok.png48.87 KB

@granholm, Thanks for providing the steps for the easy way of identifying an issue. I tried with the same steps, but not being able to reach with an issue. Please review my attached screenshot. Can you please elaborate more so that we are on the same page.

Thanks again!.

ishani.addweb’s picture

ishani.addweb commented
Status: Active » Needs review
idebr’s picture

idebr commented
Issue summary: View changes
StatusFileSize
new 2980959-double-encoded-before.gif164.73 KB
idebr’s picture

idebr commented
Issue summary: View changes
idebr’s picture

idebr commented
Issue summary: View changes
StatusFileSize
new 2980959-double-encoded-before.gif187.26 KB
new linkit-fields_title_double_encoded-2980959-6.patch1.47 KB

Attached patch implements HTML entity decoding for the title when added to a Link field.

idebr’s picture

idebr commented
Issue summary: View changes
StatusFileSize
new 2980959-double-encoded-after.gif192.43 KB
granholm’s picture

granholm commented
Status: Needs review » Reviewed & tested by the community

See next comment.

granholm’s picture

granholm commented
Status: Reviewed & tested by the community » Needs work
StatusFileSize
new Redigera Artikel test test | svenska.yle_.fi 2018-08-08 12-31-36.png22.32 KB

Tested patch linkit-fields_title_double_encoded-2980959-6.patch, and the problem persists when you don't search for an internal article, but paste the url into the search field. If there are quotes (or any other special characters) in the headline, they will be double encoded, like this:

Screenshot.

granholm’s picture

granholm commented
StatusFileSize
new linkit-fields_title_double_encoded-2980959-10.patch1.88 KB

This patch to Better Autocomplete should fix the double encoding when pasting an internal url to the search field.

anon’s picture

anon
Primary language Swedish
Location Gothenburg
commented
Status: Needs work » Needs review
StatusFileSize
new linkit-fields_title_double_encoded-2980959-11.patch2.6 KB

I wont update BAC as its actually a lib included the wrong way into linkit.

However, it turns out that we are "check_plain-ing" alot more then we need.

If we use filter_xss instead we still provides the security we need and can have the same results for both a search and a url paste.