[#19823] - Editor: Insert button add an extra \ for article title containing a single quote '
- Closed
- 4 Mar 2018
- Medium
- Build: staging
- # 19823
Steps to reproduce the issue
- Create a new article with Title "L'association A & L'association B"
- Edit another article , use
to insert the link of the newly created article.
Expected result
"L'association A & L'association B"
Actual result
"L\'association A & L\'association B"
System information (as much as possible)
3.8.5 using either MCE or CodeMirror.
PHP 5.x, windows and Linux.
Additional comments
joomla-cms-bot
- | Labels |
Added:
?
|
||
franz-wohlkoenig
- | Category | ⇒ | com_content |
They are not necessary here as they are not part of a js onclick.
Will make patch.
It is as you said:
They are not necessary here as they are not part of a js onclick.
Old code need it double esacaping because it was passing the data via parameter of JS method, whose code was inside an onclick Tag parameter
a4b880b#diff-f0f22e7238611f9f5d7ea24bb92099d6L113
but then data were
moved to
'data-*' HTML Tag attributes, and the values were copied without considering that the double escaping was no longer needed
For menus it is without double escaping
data-title="<?php echo $this->escape($item->title); ?>"
So the above is already proper
But there is 1 more modal layout that needs fixing , the contacts selection modal template
https://github.com/joomla/joomla-cms/blob/staging/administrator/components/com_contact/views/contacts/tmpl/modal.php#L123
since it double escaping too
data-title="<?php echo $this->escape(addslashes($item->name)); ?>"
will include both in PR
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-03-04 08:00:46 |
| Closed_By | ⇒ | infograf768 |
Confirmed. Trying to understand why we add slashes there