[wp-trac] [WordPress Trac] #4731: Inline tags in title attribute for post permalinks not stripped

WordPress Trac wp-trac at lists.automattic.com
Sat Aug 11 23:39:26 GMT 2007 

#4731: Inline tags in title attribute for post permalinks not stripped
----------------------------+-----------------------------------------------
 Reporter:  tarmiziaffandi  |       Owner:  anonymous
     Type:  defect          |      Status:  new      
 Priority:  high            |   Milestone:  2.2.3    
Component:  Template        |     Version:  2.2.2    
 Severity:  normal          |    Keywords:           
----------------------------+-----------------------------------------------
 Defect in the default theme.

 == Scenario ==

 A WordPress (with the default theme active) user uses inline tags to
 format his post title: "My <em>example</em> post". But when he publishes
 the post, the resulting index page becomes XHTML invalid.

 == Defect ==

 Here is an excerpt of the page source containing the mentioned invalid
 markup:

 {{{
 <h2><a href="http://www.example.com/posts/my-example-post/" rel="bookmark"
 title="Permanent Link to My <em>example</em> post">My <em>example</em>
 post</a></h2>
 }}}

 Notice that the `title` attribute of the `a` element containing the
 permalink has inline HTML tags (`<em>` and `</em>` in this case), which
 comes from the post title, which are disallowed and considered invalid.
 The post title text itself is valid.

 == Cause ==

 The markup comes from this code in the default theme source (index.php,
 line 10):

 {{{
 <h2><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent
 Link to <?php the_title(); ?>"><?php the_title(); ?></a></h2>
 }}}

 The first `the_title()` WordPress tag outputs the raw post title, which
 may contains inline HTML tags, thus making the resulting markup invalid.
 These tags should be stripped.

 == Suggested solution ==

 The suggested solution to this problem is to strip any HTML tags resulting
 from the output of the the_title() tag in HTML attribute values (so that
 `My <em>example</em> post` becomes `My example post`). Here is my
 modification of the above code:

 {{{
 <h2><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent
 Link to <?php echo strip_tags(the_title('', '', false)); ?>"><?php
 the_title(); ?></a></h2>
 }}}

 The following files contain similar problems:

  * archive.php, line 36
  * attachment.php, line 14
  * search.php, line 18
  * single.php, line 13

-- 
Ticket URL: <http://trac.wordpress.org/ticket/4731>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list