Commit 4ba004d2 authored by catch's avatar catch

Issue #2560055 by alexpott: Remove all usages SafeMarkup::checkPlain() in...

Issue #2560055 by alexpott: Remove all usages SafeMarkup::checkPlain() in DiffFormatter and SafeMarkup from the Diff component
parent ab748bf7
...@@ -8,7 +8,6 @@ ...@@ -8,7 +8,6 @@
namespace Drupal\Component\Diff\Engine; namespace Drupal\Component\Diff\Engine;
use Drupal\Component\Utility\Unicode; use Drupal\Component\Utility\Unicode;
use Drupal\Component\Utility\SafeMarkup;
/** /**
* Additions by Axel Boldt follow, partly taken from diff.php, phpwiki-1.3.3 * Additions by Axel Boldt follow, partly taken from diff.php, phpwiki-1.3.3
...@@ -38,10 +37,10 @@ class HWLDFWordAccumulator { ...@@ -38,10 +37,10 @@ class HWLDFWordAccumulator {
protected function _flushGroup($new_tag) { protected function _flushGroup($new_tag) {
if ($this->group !== '') { if ($this->group !== '') {
if ($this->tag == 'mark') { if ($this->tag == 'mark') {
$this->line = SafeMarkup::format('@original_line<span class="diffchange">@group</span>', ['@original_line' => $this->line, '@group' => $this->group]); $this->line = $this->line . '<span class="diffchange">' . $this->group . '</span>';
} }
else { else {
$this->line = SafeMarkup::format('@original_line@group', ['@original_line' => $this->line, '@group' => $this->group]); $this->line = $this->line . $this->group;
} }
} }
$this->group = ''; $this->group = '';
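Review bot: `_flushGroup()` now builds `$this->line` by plain concatenation with `$this->group`, so HWLDFWordAccumulator no longer escapes anything itself and its output is only as safe as the words it is fed. On this page the only caller shown escaping first is `_changed()` in the Core DiffFormatter; any other consumer of the Diff component that passes raw text would get that text back as markup. The contract should be written down where it now lives, for example a comment on `_flushGroup()` such as `// Words must already be HTML-escaped by the caller; this class adds markup but does not escape.` The method's body continues outside the hunk.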
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
use Drupal\Component\Diff\DiffFormatter as DiffFormatterBase; use Drupal\Component\Diff\DiffFormatter as DiffFormatterBase;
use Drupal\Component\Diff\WordLevelDiff; use Drupal\Component\Diff\WordLevelDiff;
use Drupal\Component\Utility\SafeMarkup; use Drupal\Component\Utility\Html;
use Drupal\Core\Config\ConfigFactoryInterface; use Drupal\Core\Config\ConfigFactoryInterface;
/** /**
...@@ -107,7 +107,7 @@ protected function addedLine($line) { ...@@ -107,7 +107,7 @@ protected function addedLine($line) {
'class' => 'diff-marker', 'class' => 'diff-marker',
), ),
array( array(
'data' => $line, 'data' => ['#markup' => $line],
'class' => 'diff-context diff-addedline', 'class' => 'diff-context diff-addedline',
) )
); );
...@@ -129,7 +129,7 @@ protected function deletedLine($line) { ...@@ -129,7 +129,7 @@ protected function deletedLine($line) {
'class' => 'diff-marker', 'class' => 'diff-marker',
), ),
array( array(
'data' => $line, 'data' => ['#markup' => $line],
'class' => 'diff-context diff-deletedline', 'class' => 'diff-context diff-deletedline',
) )
); );
...@@ -148,7 +148,7 @@ protected function contextLine($line) { ...@@ -148,7 +148,7 @@ protected function contextLine($line) {
return array( return array(
' ', ' ',
array( array(
'data' => $line, 'data' => ['#markup' => $line],
'class' => 'diff-context', 'class' => 'diff-context',
) )
); );
...@@ -172,7 +172,7 @@ protected function emptyLine() { ...@@ -172,7 +172,7 @@ protected function emptyLine() {
*/ */
protected function _added($lines) { protected function _added($lines) {
foreach ($lines as $line) { foreach ($lines as $line) {
$this->rows[] = array_merge($this->emptyLine(), $this->addedLine(SafeMarkup::checkPlain($line))); $this->rows[] = array_merge($this->emptyLine(), $this->addedLine(Html::escape($line)));
} }
} }
...@@ -181,7 +181,7 @@ protected function _added($lines) { ...@@ -181,7 +181,7 @@ protected function _added($lines) {
*/ */
protected function _deleted($lines) { protected function _deleted($lines) {
foreach ($lines as $line) { foreach ($lines as $line) {
$this->rows[] = array_merge($this->deletedLine(SafeMarkup::checkPlain($line)), $this->emptyLine()); $this->rows[] = array_merge($this->deletedLine(Html::escape($line)), $this->emptyLine());
} }
} }
...@@ -190,7 +190,7 @@ protected function _deleted($lines) { ...@@ -190,7 +190,7 @@ protected function _deleted($lines) {
*/ */
protected function _context($lines) { protected function _context($lines) {
foreach ($lines as $line) { foreach ($lines as $line) {
$this->rows[] = array_merge($this->contextLine(SafeMarkup::checkPlain($line)), $this->contextLine(SafeMarkup::checkPlain($line))); $this->rows[] = array_merge($this->contextLine(Html::escape($line)), $this->contextLine(Html::escape($line)));
} }
} }
...@@ -198,6 +198,8 @@ protected function _context($lines) { ...@@ -198,6 +198,8 @@ protected function _context($lines) {
* {@inheritdoc} * {@inheritdoc}
*/ */
protected function _changed($orig, $closing) { protected function _changed($orig, $closing) {
$orig = array_map('\Drupal\Component\Utility\Html::escape', $orig);
$closing = array_map('\Drupal\Component\Utility\Html::escape', $closing);
$diff = new WordLevelDiff($orig, $closing); $diff = new WordLevelDiff($orig, $closing);
$del = $diff->orig(); $del = $diff->orig();
$add = $diff->closing(); $add = $diff->closing();
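Review bot: In `_changed()` the lines are escaped before they are handed to `WordLevelDiff`, so the word diff now runs over entity text such as `&lt;` rather than over the original characters. WordLevelDiff's tokenizer is not visible on this page; if it splits on punctuation, a change that touches only one special character could place the `<span class="diffchange">` wrapper inside an entity and show a broken entity in the diff table. It would be worth confirming this with a case where `<` changes to `>`, or else diffing the raw words and escaping each word as it is accumulated. Separately, since `Html` is now imported, `array_map([Html::class, 'escape'], $orig)` avoids the hard-coded class string. The body of `_changed()` continues outside the hunk.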
......
...@@ -7,6 +7,7 @@ ...@@ -7,6 +7,7 @@
namespace Drupal\config\Tests; namespace Drupal\config\Tests;
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\SafeMarkup; use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Config\InstallStorage; use Drupal\Core\Config\InstallStorage;
use Drupal\simpletest\WebTestBase; use Drupal\simpletest\WebTestBase;
...@@ -275,23 +276,41 @@ function testImportDiff() { ...@@ -275,23 +276,41 @@ function testImportDiff() {
$change_key = 'foo'; $change_key = 'foo';
$remove_key = '404'; $remove_key = '404';
$add_key = 'biff'; $add_key = 'biff';
$add_data = 'bangpow'; $add_data = '<em>bangpow</em>';
$change_data = 'foobar'; $change_data = '<p><em>foobar</em></p>';
$original_data = array( $original_data = array(
'foo' => 'bar', 'foo' => '<p>foobar</p>',
'404' => 'herp', 'baz' => '<strong>no change</strong>',
'404' => '<em>herp</em>',
); );
// Update active storage to have html in config data.
$this->config($config_name)->setData($original_data)->save();
// Change a configuration value in staging. // Change a configuration value in staging.
$staging_data = $original_data; $staging_data = $original_data;
$staging_data[$change_key] = $change_data; $staging_data[$change_key] = $change_data;
$staging_data[$add_key] = $add_data; $staging_data[$add_key] = $add_data;
unset($staging_data[$remove_key]);
$staging->write($config_name, $staging_data); $staging->write($config_name, $staging_data);
// Load the diff UI and verify that the diff reflects the change. // Load the diff UI and verify that the diff reflects the change.
$this->drupalGet('admin/config/development/configuration/sync/diff/' . $config_name); $this->drupalGet('admin/config/development/configuration/sync/diff/' . $config_name);
$this->assertTitle(format_string('View changes of @config_name | Drupal', array('@config_name' => $config_name))); $this->assertTitle(format_string('View changes of @config_name | Drupal', array('@config_name' => $config_name)));
// The following assertions do not use $this::assertEscaped() because
// \Drupal\Component\Diff\DiffFormatter adds markup that signifies what has
// changed.
// Changed values are escaped.
$this->assertText(Html::escape("foo: '<p><em>foobar</em></p>'"));
$this->assertText(Html::escape("foo: '<p>foobar</p>'"));
// The no change values are escaped.
$this->assertText(Html::escape("baz: '<strong>no change</strong>'"));
// Added value is escaped.
$this->assertText(Html::escape("biff: '<em>bangpow</em>'"));
// Deleted value is escaped.
$this->assertText(Html::escape("404: '<em>herp</em>'"));
// Reset data back to original, and remove a key // Reset data back to original, and remove a key
$staging_data = $original_data; $staging_data = $original_data;
unset($staging_data[$remove_key]); unset($staging_data[$remove_key]);
...@@ -299,6 +318,11 @@ function testImportDiff() { ...@@ -299,6 +318,11 @@ function testImportDiff() {
// Load the diff UI and verify that the diff reflects a removed key. // Load the diff UI and verify that the diff reflects a removed key.
$this->drupalGet('admin/config/development/configuration/sync/diff/' . $config_name); $this->drupalGet('admin/config/development/configuration/sync/diff/' . $config_name);
// The no change values are escaped.
$this->assertText(Html::escape("foo: '<p>foobar</p>'"));
$this->assertText(Html::escape("baz: '<strong>no change</strong>'"));
// Removed key is escaped.
$this->assertText(Html::escape("404: '<em>herp</em>'"));
// Reset data back to original and add a key // Reset data back to original and add a key
$staging_data = $original_data; $staging_data = $original_data;
...@@ -307,6 +331,11 @@ function testImportDiff() { ...@@ -307,6 +331,11 @@ function testImportDiff() {
// Load the diff UI and verify that the diff reflects an added key. // Load the diff UI and verify that the diff reflects an added key.
$this->drupalGet('admin/config/development/configuration/sync/diff/' . $config_name); $this->drupalGet('admin/config/development/configuration/sync/diff/' . $config_name);
// The no change values are escaped.
$this->assertText(Html::escape("baz: '<strong>no change</strong>'"));
$this->assertText(Html::escape("404: '<em>herp</em>'"));
// Added key is escaped.
$this->assertText(Html::escape("biff: '<em>bangpow</em>'"));
} }
/** /**
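Review bot: The changed-value case in `testImportDiff()` differs only by whole tags (`<p>foobar</p>` against `<p><em>foobar</em></p>`), and none of the fixture values contains `&`, so the assertions do not cover a change that lands inside a single escaped character or a value that is already entity-encoded. Adding one key whose old and new values differ only in a special character, and one value such as `'a &amp; b'`, would pin down both the word-level highlighting and how existing entities are handled. The assertions also check only that the escaped text is present; an `assertNoRaw('<em>bangpow</em>')` alongside would state the security property directly. The test method starts before the first hunk shown.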
......