Skip to content
Snippets Groups Projects
Commit f5c9e223 authored by Jacob Rockowitz's avatar Jacob Rockowitz Committed by jrockowitz
Browse files

Issue #3245019 by jrockowitz, luke.stewart: Validation messages escape HTML incorrectly

parent 09699d23
No related branches found
Tags 6.1.0
No related merge requests found
......@@ -35,6 +35,7 @@ use Drupal\webform\Utility\WebformFormHelper;
use Drupal\webform\Utility\WebformHtmlHelper;
use Drupal\webform\Utility\WebformOptionsHelper;
use Drupal\webform\Utility\WebformReflectionHelper;
use Drupal\webform\Utility\WebformXss;
use Drupal\webform\WebformInterface;
use Drupal\webform\WebformSubmissionConditionsValidator;
use Drupal\webform\WebformSubmissionInterface;
......@@ -784,6 +785,12 @@ class WebformElementBase extends PluginBase implements WebformElementInterface,
$element['#attributes']['data-webform-required-error'] = WebformHtmlHelper::toPlainText($element['#required_error']);
$element['#required_error'] = WebformHtmlHelper::toHtmlMarkup($element['#required_error']);
}
// Convert #title to HTML markup so that it can displayed properly
// in error messages.
if (isset($element['#title'])) {
$element['#title'] = WebformHtmlHelper::toHtmlMarkup($element['#title'], WebformXss::getHtmlTagList());
}
}
// Replace tokens for all properties.
......
......@@ -13,29 +13,33 @@ template: false
archive: false
id: test_element_validate_required
title: 'Test: Element: Validate Required'
description: 'Test #required_error element validation support.'
description: 'Test #required and #required_error element validation support.'
category: 'Test: Element'
elements: |
required_textfield:
required_textfield_html:
'#type': textfield
'#title': 'required_error_textfield_<em>html</em>'
'#required': true
required_error_textfield:
'#type': textfield
'#title': required_textfield
'#title': required_error_textfield
'#required': true
'#required_error': 'This is a custom required message'
required_textfield_html:
required_error_textfield_html:
'#type': textfield
'#title': required_textfield_html
'#title': required_error_textfield_html
'#required': true
'#required_error': 'This is a <em>custom required message</em>'
required_radios:
required_error_radios:
'#type': radios
'#title': required_radios
'#title': required_error_radios
'#options':
one: One
two: Two
three: Three
'#required': true
'#required_error': 'This is a custom required message'
css: ''
javascript: ''
settings:
......
......@@ -22,10 +22,11 @@ class WebformElementValidateRequiredTest extends WebformElementBrowserTestBase {
public function testPattern() {
// Check that HTML tags are stripped from required error attribute.
$this->drupalGet('/webform/test_element_validate_required');
$this->assertRaw(' <input data-webform-required-error="This is a custom required message" data-drupal-selector="edit-required-textfield-html" type="text" id="edit-required-textfield-html" name="required_textfield_html" value="" size="60" maxlength="255" class="form-text required" required="required" aria-required="true" />');
$this->assertRaw('<input data-webform-required-error="This is a custom required message" data-drupal-selector="edit-required-error-textfield" type="text" id="edit-required-error-textfield" name="required_error_textfield" value="" size="60" maxlength="255" class="form-text required" required="required" aria-required="true" />');
// Check that HTML tags are rendered in validation message.
$this->drupalPostForm('/webform/test_element_validate_required', [], 'Submit');
$this->assertRaw(' <li>required_error_textfield_<em>html</em> field is required.</li>');
$this->assertRaw('<li>This is a <em>custom required message</em></li>');
}
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment