Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
"title" Attribute in iframe Embed Code Is Not Encoded Properly #2930
In the Embed tab of the Share section of a MediaObject view page, the iframe 'title' attribute contains the unencoded full text of the MediaObject's title. The title attribute could then contain single quotes and other characters that should be escaped according to the HTML spec.
While browsers can parse the title field and display the iframe, this breaks functionality in third party services that aren't expecting characters like unencoded apostophes in HTML attributes.
Relevant HTML Spec Page
<iframe title="“Headless” metadata for library discovery: NYU’s Ichabod project" src="https://purl.dlib.indiana.edu/iudl/media/6537033g5k?urlappend=%2Fembed" width="600" height="337" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>
View of embed code
Done Looks Like
Characters in the title attribute in iframe embed code are encoded as per the HTML spec.