keewhip
commented
1 year ago Fix for this issue in /libraries/src/MVC/View/CategoryFeedView.php
LINES 86 - 92
// Strip html from feed item title
if ($titleField) {
$title = $this->escape($item->$titleField);
$title = html_entity_decode($title, ENT_QUOTES, 'UTF-8');
} else {
$title = '';
}
```<hr /><sub>This comment was created with the <a href="https://github.com/joomla/jissues">J!Tracker Application</a> at <a href="https://issues.joomla.org/tracker/joomla-cms/40558">issues.joomla.org/tracker/joomla-cms/40558</a>.</sub>
richard67
Since J4 the escape function in \libraries\src\MVC\View\HtmlView.php - Line 233 includes single quotes by passing the ENT_QUOTES flag to htmlspecialchars()
The escape method is used to strip html from the feed item title by first escaping the item title. Then the title is decoded by html_entity_decode using the ENT_COMPAT flag This causes the html-single-quote-entity (
') to remain in the title.I guess the title is amp_replaced on parsing the rss feed causing the
'to become&#039;in the final output.Steps to reproduce the issue
Create an article in category EXAMPLE (category id = 1) with single quotes in the title. title = This is a 'test' article
Display a feed from this category index.php?option=com_content&view=category&id=1&format=feed&type=rss
Expected result
Well formed RSS feed which shows this title element:
<title>This is a 'test' article</title>Actual result
<title>This is a &#039;test&#039; article</title>System information (as much as possible)
Joomla 4.3.1 PHP 8.1.10
Additional comments
Changing the flag to ENT_QUOTES in the html_entity_decode function fixes the issue.
Current situation:
Fixed: