stackoom
  简体   繁体   中英

How to escape colon in HTML attribute with PHP rendering

 原文  2022-09-11 19:06:25       php/ html/ drupal

Question

I'm not sure "How to escape colon in HTML attribute with PHP rendering" is the right question, but here's the issue.

I'm implementing Events items from Schema.org and am having issues correctly rendering dates with a colon in the content attribute and it seems to be happening in the php rendering. I'm writing this in a custom Drupal blocks module.

Desired outcome is:

<p class="upcomingdate" itemprop="doorTime" content="2022-10-15T08:00">Sat, Oct 15th at 8:00am</p>

Actual outcome is:

<p class="upcomingdate" itemprop="doorTime" content="00">Sat, Oct 15th at 8:00am</p>

In the php module file, I stripped everything dynamic out and literally hardcoded it as:

$content .= '<p class="upcomingdate" itemprop="doorTime" content="2022-10-15T08:00">Sat, Oct 15th at 8:00am</p>';

Essentially, every individual colon I add to the content attribute only returns everything after the colon, which is why I'm thinking it needs to be escaped.

Some interesting behavior I tried was

$content .= '<p class="upcomingdate" itemprop="doorTime" content="2022-10-15T08\:00">Sat, Oct 15th at 8:00am</p>';

Which didn't work. It yielded the same actual outcome from before.

I tried this:

 $content .= '<p class="upcomingdate" itemprop="doorTime" content="2022-10-15T08\::00">Sat, Oct 15th at 8:00am</p>';

And got:

<p class="upcomingdate" itemprop="doorTime" content=":00">Sat, Oct 15th at 8:00am</p>

Which actually included the colon in the content attribute.

Then I thought, to try these with their corresponding actual outcomes:

$content .= '<p class="upcomingdate" itemprop="doorTime" content=":2022-10-15T08:00">Sat, Oct 15th at 8:00am</p>';

<p class="upcomingdate" itemprop="doorTime" content=":2022-10-15T08:00">Sat, Oct 15th at 8:00am</p>

$content .= '<p class="upcomingdate" itemprop="doorTime" content="test:2022-10-15T08:00">Sat, Oct 15th at 8:00am</p>';

<p class="upcomingdate" itemprop="doorTime" content="00">Sat, Oct 15th at 8:00am</p>

$content .= '<p class="upcomingdate" itemprop="doorTime" content="::2022-10-15T08:00">Sat, Oct 15th at 8:00am</p>';

<p class="upcomingdate" itemprop="doorTime" content="::2022-10-15T08:00">Sat, Oct 15th at 8:00am</p>

What is actually happening and how can I get that individual lone colon into my content attribute?

1 answers

solution1
 0  2022-09-12 01:28:32

This aa Drupal feature, allegedly preventing your site from XSS https://www.drupal.org/project/drupal/issues/2635632 , https://www.drupal.org/project/drupal/issues/2544110 and a few other tickets.

I believe your only solution is to replace the colon with something else when outputting, and then revert it back when reading/using. You might be able to use an attribute named data-content to avoid being filtered, but given this issue is over 10 years old and going through flux, totally programming round it may be best.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to escape colon when reading XML in PHP, simplexml How to select xml elements by an attribute name containing a colon in PHP (domx)? How to escape a SQL query with colon in Jquery mobile? How to escape PHP inside the double quotes of html? Escape HTML to process PHP Escape string with PHP and HTML add attribute with colon to xml node in php PHP Xpath Query with Attribute That Has Colon Not Working How to get HTML Attribute in PHP how to use php for rendering html elements
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM