Issue #2856598 by apkwilson, NickDickinsonWilde, ranjith_kumar_k_u, adhariwal,...

Issue #2856598 by apkwilson, NickDickinsonWilde, ranjith_kumar_k_u, adhariwal, yogeshmpawar, smustgrave, quietone: Views field rewrite replacement subtoken yields double encoded HTML entities

core/modules/views/src/Plugin/views/field/EntityField.php

@@ -986,7 +986,7 @@ protected function addSelfTokens(&$tokens, $item) {
 
         if (is_array($raw)) {
           if (isset($raw[$id]) && is_scalar($raw[$id])) {
-            $tokens['{{ ' . $this->options['id'] . '__' . $id . ' }}'] = Xss::filterAdmin($raw[$id]);
+            $tokens['{{ ' . $this->options['id'] . '__' . $id . ' }}'] = $raw[$id];
           }
           else {
             // Make sure that empty values are replaced as well.
@@ -999,7 +999,7 @@ protected function addSelfTokens(&$tokens, $item) {
           // Check if TypedDataInterface is implemented so we know how to render
           // the item as a string.
           if (!empty($property) && $property instanceof TypedDataInterface) {
-            $tokens['{{ ' . $this->options['id'] . '__' . $id . ' }}'] = Xss::filterAdmin($property->getString());
+            $tokens['{{ ' . $this->options['id'] . '__' . $id . ' }}'] = $property->getString();
           }
           else {
             // Make sure that empty values are replaced as well.

core/modules/views/tests/modules/views_test_config/test_views/views.view.test_field_self_tokens.yml

+langcode: en
+status: true
+dependencies:
+  module:
+    - node
+id: test_field_self_tokens
+label: ''
+module: views
+description: ''
+tag: ''
+base_table: node_field_data
+base_field: nid
+display:
+  default:
+    display_plugin: default
+    id: default
+    display_title: Master
+    position: 0
+    display_options:
+      pager:
+        type: none
+        options:
+          offset: 0
+      row:
+        type: fields
+      fields:
+        title:
+          id: title
+          table: node_field_data
+          field: title
+          entity_type: node
+          entity_field: title
+          plugin_id: field

core/modules/views/tests/src/Kernel/Handler/FieldSelfTokensTest.php

+<?php
+
+namespace Drupal\Tests\views\Kernel\Handler;
+
+use Drupal\Core\Render\RenderContext;
+use Drupal\node\Entity\Node;
+use Drupal\node\Entity\NodeType;
+use Drupal\Tests\views\Kernel\ViewsKernelTestBase;
+use Drupal\views\Views;
+
+/**
+ * Tests token escaping in the EntityField handler.
+ *
+ * @group views
+ */
+class FieldSelfTokensTest extends ViewsKernelTestBase {
+
+  /**
+   * {@inheritdoc}
+   */
+  protected static $modules = ['node'];
+
+  /**
+   * Views used by this test.
+   *
+   * @var array
+   */
+  public static $testViews = ['test_field_self_tokens'];
+
+  /**
+   * This method is called before each test.
+   */
+  protected function setUp($import_test_views = TRUE): void {
+    parent::setUp();
+
+    $this->installEntitySchema('user');
+    $this->installEntitySchema('node');
+
+    NodeType::create(['type' => 'article', 'name' => 'Article'])->save();
+
+    Node::create([
+      'title' => 'Questions & Answers',
+      'type' => 'article',
+    ])->save();
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function testSelfTokenEscaping() {
+    $view = Views::getView('test_field_self_tokens');
+    $view->initHandlers();
+    $this->executeView($view);
+    $row = $view->result[0];
+    $title_field = $view->field['title'];
+    $title_field->options['alter']['text'] = '<p>{{ title__value }}</p>';
+    $title_field->options['alter']['alter_text'] = TRUE;
+    $output = \Drupal::service('renderer')->executeInRenderContext(new RenderContext(), function () use ($title_field, $row) {
+      return $title_field->theme($row);
+    });
+    $this->assertSame('<p>Questions &amp; Answers</p>', (string) $output);
+  }
+
+}