Text Filter mangles HTML when attribute value contains a special character #39193

Closed
ryandemmer opened this issue Nov 11, 2022 · 6 comments

Comments

@ryandemmer
Contributor

Steps to reproduce the issue

  1. In System -> Global Configuration -> Site, set Default Editor to Editor - None.
  2. In System -> Global Configuration -> Text Filters, set Filter Type for the Super Users group to Default Forbidden List.
  3. Click Content -> Articles -> New to create a new article.
  4. Paste in the content below. Note the (valid) special character in the href attribute value.

     <a href="https://www.ikea.com/gb/en/p/birkelånga-tray-patterned-multicolour-grey-green-40537947" target="_blank">BIRKELÅNGA</a>

  5. Click Save

Expected result

The article content should remain intact as the HTML is valid.

Actual result

The content becomes

a href="https://www.ikea.com/gb/en/p/birkelånga-tray-patterned-multicolour-grey-green-40537947&quot;&quot;"BIRKELÅNGA</a>

once filtered and saved. The first < and > from the <a> tag are removed and the last " of the attribute value is encoded.

System information (as much as possible)

Joomla 4.2.4
Browser (Any)
PHP 8.0.14

Additional comments

When the Text Filter Filter Type is set to No Filtering, this issue does not occur, and the content is saved correctly.

@ryandemmer
Contributor Author

This appears to only occur when the special characters are in the href attribute value. For example, with the following link, where the special characters are in the title attribute value, the Text Filter does not affect the HTML:

<a href="https://www.ikea.com/gb/en/p/birkelanga-tray-patterned-multicolour-grey-green-40537947" title="BIRKELÅNGA">BIRKELÅNGA</a>

Further investigation shows that when a special character is in the src attribute value of an <img> tag for example, a FatalError Error: Maximum execution time of 30 seconds exceeded is generated with reference to libraries/vendor/joomla/string/src/phputf8/mbstring/core.php on line 94

@MacJoom
Contributor

MacJoom commented Nov 14, 2022

I can confirm this, only with my system the <img> tag is mangled as well, no Fatal Error, and strange enough <img gets ig

@SharkyKZ
Contributor

@ryandemmer
Contributor Author

This appears to be fixed in this PR - joomla-framework/filter#50

@MacJoom
Contributor

MacJoom commented Nov 18, 2022

Yes, I have successfully tested joomla-framework/filter/pull/50 - closing this issue then

@deltapapa01

Hi,
Bug is still there: #39515
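
A regression check for the mangling reported in this thread, as an added example that is not part of the original issue or of Joomla's code: it compares the start tags of the submitted HTML with those of the saved HTML, using the strings from the first two posts. The names `TagCollector`, `start_tags`, `filter_damage` and `expected_removed` are assumptions made for this example.

```python
from html.parser import HTMLParser

# The three strings below are copied from the issue text above.
ORIGINAL = ('<a href="https://www.ikea.com/gb/en/p/birkelånga-tray-patterned-'
            'multicolour-grey-green-40537947" target="_blank">BIRKELÅNGA</a>')
MANGLED = ('a href="https://www.ikea.com/gb/en/p/birkelånga-tray-patterned-'
           'multicolour-grey-green-40537947&quot;&quot;"BIRKELÅNGA</a>')
TITLE_VARIANT = ('<a href="https://www.ikea.com/gb/en/p/birkelanga-tray-patterned-'
                 'multicolour-grey-green-40537947" title="BIRKELÅNGA">BIRKELÅNGA</a>')


class TagCollector(HTMLParser):
    """Record every start tag with its attributes (entities decoded)."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, tuple(sorted(attrs, key=lambda a: a[0]))))


def start_tags(html):
    parser = TagCollector()
    parser.feed(html)
    parser.close()
    return parser.tags


def filter_damage(before, after, expected_removed=()):
    """Return start tags of `before` that are missing or altered in `after`.

    expected_removed (hypothetical parameter): tags the filter should strip."""
    remaining = start_tags(after)
    damaged = []
    for tag in start_tags(before):
        if tag[0] in expected_removed:
            continue
        if tag in remaining:
            remaining.remove(tag)   # match each saved tag at most once
        else:
            damaged.append(tag)
    return damaged


if __name__ == "__main__":
    print(filter_damage(ORIGINAL, MANGLED))              # the <a> tag is reported
    print(filter_damage(TITLE_VARIANT, TITLE_VARIANT))   # unchanged content: nothing
```

Run against a filter's real input and output, a non-empty result for markup the filter is configured to allow indicates this kind of corruption.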
