Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"title" Attribute in iframe Embed Code Is Not Encoded Properly #2930

Closed
joncameron opened this issue Apr 22, 2018 · 0 comments
Closed

"title" Attribute in iframe Embed Code Is Not Encoded Properly #2930

joncameron opened this issue Apr 22, 2018 · 0 comments
Assignees
Labels

Comments

@joncameron
Copy link
Contributor

@joncameron joncameron commented Apr 22, 2018

Description

In the Embed tab of the Share section of a MediaObject view page, the iframe 'title' attribute contains the unencoded full text of the MediaObject's title. The title attribute could then contain single quotes and other characters that should be escaped according to the HTML spec.

While browsers can parse the title field and display the iframe, this breaks functionality in third party services that aren't expecting characters like unencoded apostophes in HTML attributes.

Relevant HTML Spec Page

https://html.spec.whatwg.org/multipage/syntax.html#unquoted

Example

https://media.dlib.indiana.edu/media_objects/9019s265v

Embed Code

        <iframe title="“Headless” metadata for library discovery: NYU’s Ichabod project" src="https://purl.dlib.indiana.edu/iudl/media/6537033g5k?urlappend=%2Fembed" width="600" height="337" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>

View of embed code

screen shot 2018-04-22 at 12 24 32 pm

Done Looks Like

Characters in the title attribute in iframe embed code are encoded as per the HTML spec.

@joncameron joncameron added this to the Avalon 6.x Backlog milestone Apr 22, 2018
@bkeese bkeese self-assigned this Feb 1, 2019
@bkeese bkeese added In Review and removed ready labels Feb 1, 2019
@bkeese bkeese closed this Feb 4, 2019
@bkeese bkeese removed the In Review label Feb 4, 2019
jefferya added a commit to jefferya/avalon that referenced this issue Jan 14, 2020
Merge tag 'v6.5.0' of https://github.com/avalonmediasystem/avalon into 'v6.4.5' of https://github.com/ualbertalib/avalon

Avalon 6.5 includes IIIF manifest generation, a new editor for structural metadata, and integration with the Timeliner tool for annotation of AV materials, as well as a variety of updates for supporting libraries and components.

Features

Structural Metadata Editor:
A visual editor for creating and modifying section structure available on an item's Edit page. The new editor features a waveform visualization and interaction much like audio editing software such as Audacity or Adobe Audition.

IIIF Timeliner:
Integration with Timeliner, a reimplementation of the Variations Audio Timeliner annotation tool. Create, edit and share Timelines using media from items within Avalon.

IIIF Presentation 3.0 Manifest Generation:
IIIF manifests are now generated by Avalon for all items and can be retrieved from an application endpoint.

Updates and Bug Fixes
Support for Rails 5.2
Web upload limit on file size has been increased to 2 GB
Title attribute is encoded properly in HTML embed code (avalonmediasystem#2930)
Type-ahead in username input field no longer overrides values of a very short length (avalonmediasystem#2896)
Updating collection information no longer removes staff users (avalonmediasystem#2994)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants