Escaping entry title

Discussion corner for Developers of Serendipity.
Post Reply
Don Chambers
Regular
Posts: 3652
Joined: Mon Feb 13, 2006 2:40 am
Location: Chicago, IL, USA
Contact:

Escaping entry title

Post by Don Chambers »

Long time ago, we started using AddThis for social bookmarking. Recently, I updated that code for some of my templates and committed the change to bulletproof.... I'm wondering about escaping the entry title. In the code bit, I used this for the entry title: {$entry.title|escape:url}.

I'm thinking that this is too much... and unreadable. Anyone see anything wrong with using {$entry.title|escape} or {$entry.title|escape:htmlall} instead of url? Pro's or cons?
=Don=
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: Escaping entry title

Post by garvinhicking »

Hi!

When using something inside an <a href> you MUST use escape:url. Else, you might get problems with special characters that will break your link.

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Don Chambers
Regular
Posts: 3652
Joined: Mon Feb 13, 2006 2:40 am
Location: Chicago, IL, USA
Contact:

Re: Escaping entry title

Post by Don Chambers »

It is used in this context:

<div class="addthiswidget">
<a href="http://www.addthis.com/bookmark.php?v=250" onmouseover="return addthis_open(this, '', encodeURIComponent('{$entry.rdf_ident}'), encodeURIComponent('{$entry.title|escape}'));" onmouseout="addthis_close()" onclick="return addthis_sendto()" title="Bookmark and Share" target="_blank"><img src="http://s7.addthis.com/static/btn/lg-share-en.gif" width="125" height="16" alt="Bookmark and Share" style="border:0" /></a>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_wi ... "></script>
</div>

escape:url for this TITLE would, among other things, convert spaces in the title to %20, leading to something like: This%20is%20the%20entry%20title.

escape:html, is supposed to escape & " ' < > and *... I would think that should be sufficient, but could also consider escape:htmlall.... I am trying to escape any characters in the entry title that might make the javascript fail, but still keep the entry title human readable... again, this is simply the entry title that gets bookmarked, it is not really part of the <a href=....>.
=Don=
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: Escaping entry title

Post by garvinhicking »

Hi!

Sadly I don't know what encodeURIComponent() does. Maybe you don'Ät need to feed it with %, so escape:url might not be needed. But in a URL, you would need to use %20...

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Don Chambers
Regular
Posts: 3652
Joined: Mon Feb 13, 2006 2:40 am
Location: Chicago, IL, USA
Contact:

Re: Escaping entry title

Post by Don Chambers »

I'm not entirely sure either Garvin - does this link provide any insight? https://developer.mozilla.org/en/Core_J ... IComponent
=Don=
Post Reply