Upgrade Your Drupal Skills

We trained 1,000+ Drupal Developers over the last decade.

See Advanced Courses NAH, I know Enough

Ampersands and CCK

Parent Feed: 
Karl Scheirer

By krs · January 6, 2009 · 0 Comments · 542 Views

When using a CCK text field that is set to display as a select list, using the "Allowed Values" textarea to specify each of the choices works 99% of the time. But when trying to use an option that included an ampersand, like "Drupal & Drupal", it keeps getting escaped to & -  stop it CCK!

What's going on? Each line of the textarea is eventually passed through filter_xss(), which tries it's best to remove naughty characters like &, becauseof its special meaning in HTML.

How to avoid it? Use the section "PHP Code" and write your values out as an array. You must specify a key and value pair for each option, CCK will not automatically handle just having the value. Don't forget to return the array. PHP open and closing tags arent needed. CCK trusts the values found in this block, and pass them through any kind of text filtering, and your ampsersands will sail through undamaged.

So

Drupal & Drupal
Hans & Franz
Martin & Lewis

become

return array(
'Drupal & Drupal' => 'Drupal & Drupal',
'Hans & Franz' => 'Hans & Franz',
'Martin & Lewis' => 'Martin & Lewis',
);

Filed in:
Tagged with:

Author: 
krs
RSS Tags: 
Drupal
drupal5
filtering
xss
Original Post: 
http://drupalhigh.onsugar.com/Ampersands-CCK-2669617

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web