
Escaping entry title

Posted: Thu Jun 25, 2009 7:55 pm
by Don Chambers
A long time ago, we started using AddThis for social bookmarking. Recently, I updated that code for some of my templates and committed the change to bulletproof.... I'm wondering about escaping the entry title. In the code bit, I used this for the entry title: {$entry.title|escape:url}.

I'm thinking that this is too much... and unreadable. Anyone see anything wrong with using {$entry.title|escape} or {$entry.title|escape:htmlall} instead of url? Pros or cons?

Re: Escaping entry title

Posted: Fri Jun 26, 2009 9:50 am
by garvinhicking
Hi!

When using something inside an <a href> you MUST use escape:url. Else, you might get problems with special characters that will break your link.

Regards,
Garvin

Re: Escaping entry title

Posted: Fri Jun 26, 2009 4:57 pm
by Don Chambers
It is used in this context:

<div class="addthiswidget">
<a href="http://www.addthis.com/bookmark.php?v=250" onmouseover="return addthis_open(this, '', encodeURIComponent('{$entry.rdf_ident}'), encodeURIComponent('{$entry.title|escape}'));" onmouseout="addthis_close()" onclick="return addthis_sendto()" title="Bookmark and Share" target="_blank"><img src="http://s7.addthis.com/static/btn/lg-share-en.gif" width="125" height="16" alt="Bookmark and Share" style="border:0" /></a>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_wi ... "></script>
</div>

escape:url for this TITLE would, among other things, convert spaces in the title to %20, leading to something like: This%20is%20the%20entry%20title.

escape:html, is supposed to escape & " ' < > and *... I would think that should be sufficient, but could also consider escape:htmlall.... I am trying to escape any characters in the entry title that might make the javascript fail, but still keep the entry title human readable... again, this is simply the entry title that gets bookmarked, it is not really part of the <a href=....>.

Re: Escaping entry title

Posted: Fri Jun 26, 2009 11:34 pm
by garvinhicking
Hi!

Sadly I don't know what encodeURIComponent() does. Maybe you don't need to feed it with %, so escape:url might not be needed. But in a URL, you would need to use %20...

Regards,
Garvin

Re: Escaping entry title

Posted: Mon Jun 29, 2009 10:26 pm
by Don Chambers
I'm not entirely sure either Garvin - does this link provide any insight? https://developer.mozilla.org/en/Core_J ... IComponent
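
Editor's added example (not part of the thread, and not Serendipity or AddThis code): the title in the widget sits in a JavaScript string inside an HTML attribute, and is URL-encoded at runtime by encodeURIComponent(), so three contexts are in play. The functions below are JavaScript emulations of Smarty's escape:html, escape:url and escape:javascript written for this example; the sample title is constructed, and the final decodeURIComponent() assumes the receiving service URL-decodes the value once.

```javascript
// Emulations of Smarty's escape modifiers (assumed behaviour, written for this example).
const escapeHtml = s => s.replace(/[&"'<>]/g, c =>
  ({ '&': '&amp;', '"': '&quot;', "'": '&#039;', '<': '&lt;', '>': '&gt;' }[c]));
const escapeUrl = s => encodeURIComponent(s)          // rawurlencode-like
  .replace(/[!'()*]/g, c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
const escapeJs = s => s.replace(/\\/g, '\\\\').replace(/'/g, "\\'").replace(/"/g, '\\"')
  .replace(/\r/g, '\\r').replace(/\n/g, '\\n').replace(/<\//g, '<\\/');

// The HTML parser decodes entities in an attribute value BEFORE the
// JavaScript engine sees the handler source.
const decodeAttr = s => s.replace(/&(amp|quot|#0?39|lt|gt);/g, (m, n) =>
  ({ amp: '&', quot: '"', '#039': "'", '#39': "'", lt: '<', gt: '>' }[n]));

// Render the title argument as in the thread's onmouseover handler, run it,
// and return the title as the bookmarking service would read it.
function bookmarkedTitle(title, modifier) {
  const attr = "encodeURIComponent('" + modifier(title) + "')"; // template output
  const js = decodeAttr(attr);                                   // browser's HTML step
  try {
    const sent = new Function('return ' + js)();                 // browser's JS step
    return decodeURIComponent(sent);                             // assumed receiver step
  } catch (e) {
    return 'BROKEN: ' + e.name;                                  // handler never runs
  }
}

const sampleTitle = 'Don\'s "R&D" notes';                        // constructed sample
const jsThenHtml = s => escapeHtml(escapeJs(s));                 // innermost context first

function demo() {
  return {
    html: bookmarkedTitle(sampleTitle, escapeHtml),   // entity decodes back to ', string breaks
    url: bookmarkedTitle(sampleTitle, escapeUrl),     // % is encoded again at runtime
    jsHtml: bookmarkedTitle(sampleTitle, jsThenHtml), // title arrives unchanged
  };
}
console.log(demo());
```

In template terms the third variant corresponds to {$entry.title|escape:javascript|escape:html}: escape for the JavaScript string first, then for the HTML attribute that carries it, and leave URL encoding to encodeURIComponent().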