[5.x, 4.x, 3.x]: Html::tag() improperly parses inline data URIs in style attributes #14964

Closed
khalwat opened this issue May 9, 2024 · 2 comments

khalwat commented May 9, 2024

What happened?

Description

If I call:

       Html::tag('img', '', $attrs);

...with $attrs set thusly:

array:6 [▼
  "class" => "lazyload"
  "style" => "background-image:url(data:image/jpeg;base64,%2F9j%2F4AAQSkZJRgABAQEASABIAAD%2F2wBDABALDA4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQERXRTc4UG1RV19iZ2hnPk1xeX"
  "width" => 1200
  "height" => 675
  "src" => "http://plugindev.local:8005/assets/site/_576x432_crop_center-center_60_line/christmas-selfie.jpg"
  "loading" => "lazy"
]

The ::explodeStyle() method improperly parses the data URI style attributes, adding spaces and colons where they should not be. I think the regex is assuming all semi-colons end a CSS style attribute, which is not the case for data URIs. This renders an invalid style attribute:

style="background-image: url(data:image/jpeg; base64,%2F9j%2F4AAQSkZJRgABAQEASABIAAD%2F2wBDABALDA4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P%2F2wBDARESEhgVGC8aGi9jQjhCY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2P%2FwAARCAAJABADASIAAhEBAxEB%2F8QAFgABAQEAAAAAAAAAAAAAAAAAAgEF%2F8QAIRAAAQQBAwUAAAAAAAAAAAAAAwABAgQSETEyNDVBcXL%2FxAAVAQEBAAAAAAAAAAAAAAAAAAABAv%2FEABgRAAMBAQAAAAAAAAAAAAAAAAABESEi%2F9oADAMBAAIRAxEAPwA3w1zAFXJYlGeWWLOz%2BHUqVRBGWuGzy0I7T3ZZUusH9Jn7jH0yJsKT5P%2FZ): ; background-size: cover;"

It should be this:

style="background-image: url(data:image/jpeg;base64,%2F9j%2F4AAQSkZJRgABAQEASABIAAD%2F2wBDABALDA4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P%2F2wBDARESEhgVGC8aGi9jQjhCY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2P%2FwAARCAAJABADASIAAhEBAxEB%2F8QAFgABAQEAAAAAAAAAAAAAAAAAAgEF%2F8QAIRAAAQQBAwUAAAAAAAAAAAAAAwABAgQSETEyNDVBcXL%2FxAAVAQEBAAAAAAAAAAAAAAAAAAABAv%2FEABgRAAMBAQAAAAAAAAAAAAAAAAABESEi%2F9oADAMBAAIRAxEAPwA3w1zAFXJYlGeWWLOz%2BHUqVRBGWuGzy0I7T3ZZUusH9Jn7jH0yJsKT5P%2FZ); background-size: cover;"

This affects Html::tag() in Craft 3.x, 4.x, and 5.x.

Related issue: nystudio107/craft-imageoptimize#400

Craft CMS version

3.x, 4.x, 5.x

PHP version

n/a

Operating system and version

n/a

Database type and version

n/a

Image driver and version

n/a

Installed plugins and versions

n/a
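
An added example, not part of the issue thread and not Craft's code: one way to split a style attribute so that the `;` inside `url(data:...;base64,...)` is not treated as the end of a declaration. The function name `parseStyle()` and the shortened sample data URI are hypothetical, and this is not presented as the fix that shipped.

```php
<?php
/**
 * Parse a style attribute into [property => value], splitting only on
 * semicolons that sit outside quotes and parentheses.
 * Hypothetical helper for illustration; not Craft's Html::explodeStyle().
 */
function parseStyle(string $style): array
{
    $styles = [];
    $buf = '';
    $depth = 0;     // nesting level of ( ... ), e.g. inside url(...)
    $quote = null;  // active quote character, or null when unquoted
    // Sentinel flushes the last declaration; if a quote or parenthesis is
    // left unterminated, the tail is never flushed and is dropped.
    $style .= ';';
    $len = strlen($style);
    for ($i = 0; $i < $len; $i++) {
        $ch = $style[$i];
        if ($quote !== null) {
            if ($ch === '\\' && $i + 1 < $len) {
                $buf .= $ch . $style[++$i]; // keep escaped character verbatim
                continue;
            }
            if ($ch === $quote) {
                $quote = null;
            }
        } elseif ($ch === '"' || $ch === "'") {
            $quote = $ch;
        } elseif ($ch === '(') {
            $depth++;
        } elseif ($ch === ')' && $depth > 0) {
            $depth--;
        } elseif ($ch === ';' && $depth === 0) {
            // Top-level semicolon: split the buffered declaration at its first colon only.
            $pos = strpos($buf, ':');
            if ($pos !== false && trim(substr($buf, 0, $pos)) !== '') {
                $styles[trim(substr($buf, 0, $pos))] = trim(substr($buf, $pos + 1));
            }
            $buf = '';
            continue;
        }
        $buf .= $ch;
    }
    return $styles;
}

// Constructed sample with a shortened placeholder payload in the data URI.
$in = 'background-image:url(data:image/jpeg;base64,%2F9j%2FAAAA);background-size:cover';
foreach (parseStyle($in) as $prop => $value) {
    echo "$prop: $value;\n";
}
```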

@khalwat khalwat added the bug label May 9, 2024
@khalwat khalwat changed the title [5.x, 4.x, 3.x]: Html::tag() improperly parses inline data URLs in style attributes [5.x, 4.x, 3.x]: Html::tag() improperly parses inline data URIs in style attributes May 9, 2024
@i-just i-just self-assigned this May 9, 2024

i-just commented May 10, 2024

Hi, thanks for reporting! I raised a PR for it.

@brandonkelly

Craft 4.9.3 and 5.1.3 are out with that fix. Thanks again.
