S3 Files Signed AWS URLs Break Shortcode Parser

ryanwachtl · February 17, 2025, 8:37am

Silverstripe Version: 5.3

**Question: ** Has anyone had any issues or experience with S3 files and the signed AWS url generated for protected files breaking during the shortcode parsing of the HTML editor fields on the front-end?

We’re using the silverstripe/s3 module to store assets in an S3 bucket. Everything works with the exception of files that get inserted into the CMS HTML editor and break the page during parsing on the [file_link] shortcode. The files are restricted to certain Member Groups. It seems specifically that the signed AWS url is breaking something.

# [Warning] SilverStripe\View\Parsers\ShortcodeParser::replaceAttributeTagsWithContent(): unterminated entity reference X-Amz-Security-Token=...

GuySartorelli · February 17, 2025, 8:18pm

If you haven’t done so already, this sounds like something that should be raised as a GitHub issue for the s3 module.

ryanwachtl · February 17, 2025, 9:05pm

I discovered that some ampersands in the S3 file url were causing the issue. For now I have replaced the shortcode handler for [file_link] to check for those urls and correct them. I’m not sure of the source of the issue or if the S3 module handles that part of it. Once I can dig in further I raise an issue in the appropriate place.

Thank you!