Image alt attributes are double-escaped #806
Comments
|
Was thinking of doing a PR, but the way alt text is currently done in the code is so weird that I presume there must be some reason for it which is not apparent. When the Image node is created, a text node is generated as a child with the alt text. public function __construct(string $url, ?string $label = null, ?string $title = null)
{
parent::__construct($url);
if ($label !== null && $label !== '') {
$this->appendChild(new Text($label));
}
$this->title = $title;
}Then in ImageRenderer: public function render(Node $node, ChildNodeRendererInterface $childRenderer): \Stringable
{
// …
$alt = $childRenderer->renderNodes($node->children());
$alt = \preg_replace('/\<[^>]*alt="([^"]*)"[^>]*\>/', '$1', $alt);
$attrs['alt'] = \preg_replace('/\<[^>]*\>/', '', $alt ?? '');
// …
return new HtmlElement('img', $attrs, '', true);
}So it seems the first escape happens when that child node is rendered and that escaped text is put into a "normal" attribute for a tag and gets escaped again when that's rendered. But why? Why not just treat it as a normal attribute the whole way? 🤨 |
|
It looks like this code was originally implemented in 0.3.0, way before we automatically escaped all attributes in 0.19.0. I think I just forgot to remove that old 1.6.x is no longer receiving updates, but if you'd like to create a PR targeting the |
Version(s) affected
2.1.1
Description
This also affects 1.6.7.
Input:
Output:
The left and right angle brackets are also double-escaped.
How to reproduce
Create an image with alt text that contains a character that would need to be escaped.
Possible solution
No response
Additional context
No response
Did this project help you today? Did it make you happy in any way?
<3
The text was updated successfully, but these errors were encountered: