Opened 16 years ago
Closed 16 years ago
#4731 closed defect (bug) (fixed)
Inline tags in title attribute for post permalinks not stripped
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | 2.3 | Priority: | highest omg bbq |
| Severity: | normal | Version: | 2.2.2 |
| Component: | Template | Keywords: | has-patch dev-reviewed commit |
| Focuses: | | Cc: | |
Description
Defect in the default theme.
Scenario
A WordPress user (with the default theme active) uses inline tags to format his post title: `My <em>example</em> post`. But when he publishes the post, the resulting index page becomes invalid XHTML.
Defect
Here is an excerpt of the page source containing the mentioned invalid markup:
```html
<h2><a href="http://www.example.com/posts/my-example-post/" rel="bookmark" title="Permanent Link to My <em>example</em> post">My <em>example</em> post</a></h2>
```
Notice that the `title` attribute of the `a` element containing the permalink has inline HTML tags (`<em>` and `</em>` in this case), which come from the post title and which are disallowed and considered invalid. The post title text itself is valid.
Cause
The markup comes from this code in the default theme source (index.php, line 10):
```php
<h2><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title(); ?>"><?php the_title(); ?></a></h2>
```
The first `the_title()` WordPress tag outputs the raw post title, which may contain inline HTML tags, thus making the resulting markup invalid. These tags should be stripped.
Suggested solution
The suggested solution to this problem is to strip any HTML tags resulting from the output of the `the_title()` tag in HTML attribute values (so that `My <em>example</em> post` becomes `My example post`). Here is my modification of the above code:
```php
<h2><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php echo strip_tags(the_title('', '', false)); ?>"><?php the_title(); ?></a></h2>
```
The following files contain similar problems:
- archive.php, line 36
- attachment.php, line 14
- search.php, line 18
- single.php, line 13
Attachments (2)
Change History (9)
#4, 16 years ago
Indeed, and it should use get_post_field with attribute as the context. Also, sanitize_post_field should issue attribute_* filters so we can attach strip_tags to attribute_post_field.
We can do a less involved implementation for 2.3 that doesn't involve the filtering.
That's a lot of code... maybe we need `the_title_attribute()`
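The tag stripping suggested in the ticket, combined with the attribute-context handling raised in the comments, as an added stand-alone PHP example (not WordPress code and not taken from the ticket's patches). `example_title_attribute()` and `example_permalink_heading()` are hypothetical names, the sample titles are constructed, and the final `htmlspecialchars()` step is an assumption added here because `strip_tags()` removes tags but does not encode quotes.

```php
<?php
// Added example: plain PHP, no WordPress functions are called.
// example_title_attribute() and example_permalink_heading() are hypothetical names.

/**
 * Prepare a post title for use inside a double-quoted HTML attribute value.
 */
function example_title_attribute(string $raw_title): string
{
    // 1. Remove inline markup such as <em>...</em> but keep the text inside it.
    $text = strip_tags($raw_title);

    // 2. Decode entities the author typed, so step 4 does not encode them twice.
    $text = html_entity_decode($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // 3. Collapse runs of whitespace left behind by removed tags.
    //    preg_replace() returns null on invalid UTF-8; fall back to the input.
    $text = trim(preg_replace('/\s+/u', ' ', $text) ?? $text);

    // 4. Encode &, <, > and both quote characters so the value cannot
    //    terminate the attribute it is placed in.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Build the heading from the default theme's index.php with the title
 * attribute sanitized for its context.
 */
function example_permalink_heading(string $url, string $raw_title): string
{
    return sprintf(
        '<h2><a href="%s" rel="bookmark" title="Permanent Link to %s">%s</a></h2>',
        htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
        example_title_attribute($raw_title),
        // Element content: inline tags are valid here, as the ticket notes.
        // Assumed to be already filtered for element content, like the_title().
        $raw_title
    );
}

// Constructed sample titles: the one from the ticket, and one with an
// entity and double quotes in addition to inline markup.
$samples = [
    'My <em>example</em> post',
    'Tom &amp; "Jerry" <strong>returns</strong>',
];
foreach ($samples as $title) {
    echo example_permalink_heading('http://www.example.com/posts/my-example-post/', $title), "\n";
}
```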