[wp-trac] [WordPress Trac] #28816: HTML entities in post titles break feeds

WordPress Trac noreply at wordpress.org
Thu Jul 10 17:08:56 UTC 2014

#28816: HTML entities in post titles break feeds
 Reporter:  blowery       |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Feeds         |    Version:  3.9.1
 Severity:  normal        |   Keywords:
  Focuses:                |
 If the title of a blog post contains escaped HTML entities, like
 – or › the feed containing that title becomes invalid
 XML. To repro:

 1. Start a new post
 2. Use a title of Broken – Escaping
 3. Publish the post
 4. Load up the /feed/ url for the blog, notice the feed is invalid due to
 an unknown entity reference.

 It appears the culprit is calling ent2ncr followed by esc_html as part of
 the the_title_rss filter. esc_html turns the & into an actual &, which
 in the replaced string appears as an entity reference. Reversing the
 calling order of those two filter calls outputs the entity as an XML-style
 numeric reference, which fixes the feed, but is also wrong.

 The title should be output as "Broken – Escaping". Had the
 title been "Broken – Escaping" it should be output as "Broken
 – Escaping".

Ticket URL: <https://core.trac.wordpress.org/ticket/28816>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list