@navarr
Last active April 30, 2019 13:55
Magento Semantic Breadcrumbs
<?php
// Nothing to render without a crumb list.
if (empty($crumbs) || !is_array($crumbs)) {
    return;
}

$_crumbItems = array();
$_crumbCount = 1;
$_crumbTotal = count($crumbs);

foreach ($crumbs as $_crumbName => $_crumbInfo) {
    // Each <li> gets an id so the previous crumb can point at it via itemref.
    $_thisCrumb = "crumb-{$_crumbCount}";
    $_nextCrumbNum = $_crumbCount + 1;
    $_nextCrumb = "crumb-{$_nextCrumbNum}";

    // Every crumb after the first is marked as a child of the one before it.
    $_itemChild = $_crumbCount == 1 ? '' : 'itemprop="child"';
    $_nextRef = $_crumbInfo['last'] ? '' : "itemref=\"{$_nextCrumb}\"";

    $_li = "<li id=\"{$_thisCrumb}\" itemscope itemtype=\"http://data-vocabulary.org/Breadcrumb\" {$_itemChild} {$_nextRef}>";
    // Note: 'link' and 'title' are concatenated as-is; only 'label' goes through escapeHtml().
    $_a = '<a href="'.$_crumbInfo['link'].'" itemprop="url">';
    $_span = '<span itemprop="title" title="'.$_crumbInfo['title'].'">';

    $_crumbItemParts = array(
        $_li,
        $_a,
        $_span,
        $this->escapeHtml($_crumbInfo['label']),
        '</span>',
        '</a>',
        ($_crumbInfo['last'] ? '' : '<span>/ </span>'),
        '</li>'
    );
    $_crumbItems[] = implode('', $_crumbItemParts);
    ++$_crumbCount;
}
?>
<div class="breadcrumbs">
    <ul>
        <?php echo implode('', $_crumbItems); ?>
    </ul>
</div>
@mokanfar

XSS in search results of Magento breadcrumbs. You are not escaping HTML everywhere.

@navarr

navarr commented Apr 30, 2019

@mokanfar: Looking at this 4 years later.. are you referring to the title? The link and name don't need to be escaped, but it does look like I failed to escape the title.

GIST is deprecated in favor of https://github.com/navarr/rwd-improved-seo/
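
The escaping gap discussed in the comments, as an added example that is not part of the gist, the linked repository or Magento. It runs outside Magento, so the hypothetical helper `esc()` uses `htmlspecialchars()` in place of the template's `$this->escapeHtml()`; `renderCrumb()`, the sample crumbs and the `shop.example` URL are constructed for illustration.

```php
<?php
// Added example: stand-alone sketch, not the gist's own code.
// esc() is a hypothetical stand-in for $this->escapeHtml() in a Magento template.
function esc($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Render one breadcrumb <li>, escaping every crumb value at the point of output.
function renderCrumb(array $crumb, $index)
{
    $attrs = array(
        'id="crumb-' . (int) $index . '"',
        'itemscope',
        'itemtype="http://data-vocabulary.org/Breadcrumb"',
    );
    if ($index > 1) {
        $attrs[] = 'itemprop="child"';
    }
    if (empty($crumb['last'])) {
        $attrs[] = 'itemref="crumb-' . ((int) $index + 1) . '"';
    }
    // title, label and link all pass through esc(), so a quote or angle
    // bracket in any of them cannot close the attribute or open a new tag.
    return '<li ' . implode(' ', $attrs) . '>'
        . '<a href="' . esc($crumb['link']) . '" itemprop="url">'
        . '<span itemprop="title" title="' . esc($crumb['title']) . '">'
        . esc($crumb['label']) . '</span></a>'
        . (empty($crumb['last']) ? '<span>/ </span>' : '')
        . '</li>';
}

// Constructed sample: the search crumb carries the shopper's query in label and title.
$query = "Search results for: '\"><b>q</b>'";
$crumbs = array(
    'home'   => array('label' => 'Home', 'title' => 'Go to Home Page',
                      'link' => 'http://shop.example/', 'last' => false),
    'search' => array('label' => $query, 'title' => $query, 'link' => '', 'last' => true),
);

$html = '';
$i = 1;
foreach ($crumbs as $crumb) {
    $html .= renderCrumb($crumb, $i++);
}
// The query's markup must survive only as entities, never as a live tag.
if (strpos($html, '<b>') !== false) {
    throw new RuntimeException('unescaped markup reached the output');
}
echo '<div class="breadcrumbs"><ul>' . $html . '</ul></div>', "\n";
```

HTML-escaping the `href` value stops attribute breakout only; it does not validate the URL scheme, which matters if a crumb link can ever come from user input.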
