Drupal incorrectly escapes tags in javascript

Question

I installed drupal-6.16. I applied the patch from the post http://drupal.org/node/222926#comment-930745. It works correctly in simple cases. But following code of counter is handled incorrectly and counter is now displayed on the page after drupal.

Drupal modifies the string

"alt='1Gb.ua counter'><\/a>")</script>

to

"alt='1Gb.ua counter' />&lt;\/a>")</a></script>

The full code of counter follows:

<br><br>
Text
<br><br>
<!-- counter.1Gb.ua -->
<script language="javascript" type="text/javascript">
cgb_js="1.0"; cgb_r=""+Math.random()+"&r="+
escape(document.referrer)+"&pg="+
escape(window.location.href);
document.cookie="rqbct=1; path=/"; cgb_r+="&c="+
(document.cookie?"Y":"N");
</script><script language="javascript1.1" type="text/javascript">
cgb_js="1.1";cgb_r+="&j="+
(navigator.javaEnabled()?"Y":"N")</script>
<script language="javascript1.2" type="text/javascript">
cgb_js="1.2"; cgb_r+="&wh="+screen.width+
'x'+screen.height+"&px="+
(((navigator.appName.substring(0,3)=="Mic"))?
screen.colorDepth:screen.pixelDepth)</script>
<script language="javascript1.3" type="text/javascript">
cgb_js="1.3"</script>
<script language="javascript" 
type="text/javascript">cgb_r+="&js="+cgb_js; 
document.write("<a href='http://www.1Gb.ua?cnt=1416'>"+
"<img src='http://counter.1Gb.ua/cnt.aspx?"+
"u=1416&"+cgb_r+
"&' border=0 width=88 height=31 "+
"alt='1Gb.ua counter'><\/a>")</script>
<noscript><a href='http://www.1Gb.ua?cnt=1416'>
<img src="http://counter.1Gb.ua/cnt.aspx?u=1416" 
border=0 width="88" height="31" alt="1Gb.ua counter"></a>
</noscript>
<!-- /counter.1Gb.ua -->

Does anybody have this code working?

How should Drupal be fixed to handle this code in correct way?

Other suggestions are welcome.

EDIT:

Removing comments does not resolve the issue.

Answer 1

I got this issue randomly in Drupal6 for all content, with or without editor enabled Filtered, Full HTML or PHP.

Found that culprit is the magic_quotes_gpc flag in PHP.

Luckily I was able to turn it off easily in php.ini, which solved the problem of all kinds of weird escaping.

Answer 2

Enabling the PHP filter module and setting the input format to PHP solved this issue for me.

Answer 3

The issue you describe only when you use the HTML corrector with HTML comments. A quick solution is to remove the comments or disable the HTML corrector.

It would be great if the HTML corrector could handle HTML comments, but IMO HTML comments don't belong in the content of a node etc. If you plan on making markup so complex and special that it needs comments, it's an indicator that it belongs in your theme and not as content.

In your case, you want to add some javascript. Drupal has a function, drupal_add_js, for this, that not only will add the script, but with settings you can cache and minify it for production environment. This will boost performance and general is the way you want to add js to a Drupal site.

Since you are only trying out Drupal, the quickest solution for you now, is just to remove the HTML comments and you should be fine. But if you want to make something meant for a live site, you should check out drupal_add_js.

The input filters settings can be found at admin/settings/filters when you edit or create a new filter here you can decide which roles can use it and if the HTML corrector should be applied.

Answer 4

It is fixed in drupal 7.x. Details are here.