Commit 8691e08f authored by catch's avatar catch

Issue #2545972 by alexpott, joelpittet, ericjenkins, stefan.r, Wim Leers,...

Issue #2545972 by alexpott, joelpittet, ericjenkins, stefan.r, Wim Leers, Cottser: Remove all code usages SafeMarkup::checkPlain() and rely more on Twig autoescaping
parent cd37e6b9
...@@ -130,12 +130,6 @@ function drupal_install_schema($module) { ...@@ -130,12 +130,6 @@ function drupal_install_schema($module) {
* *
* @param string $module * @param string $module
* The module for which the tables will be removed. * The module for which the tables will be removed.
*
* @return array
* An array of arrays with the following key/value pairs:
* - success: a boolean indicating whether the query succeeded.
* - query: the SQL query(s) executed, passed through
* \Drupal\Component\Utility\SafeMarkup::checkPlain().
*/ */
function drupal_uninstall_schema($module) { function drupal_uninstall_schema($module) {
$schema = drupal_get_module_schema($module); $schema = drupal_get_module_schema($module);
......
...@@ -304,7 +304,7 @@ public static function setAllowedProtocols(array $protocols = array()) { ...@@ -304,7 +304,7 @@ public static function setAllowedProtocols(array $protocols = array()) {
* \Drupal\Component\Utility\Xss::filter(), but those functions return an * \Drupal\Component\Utility\Xss::filter(), but those functions return an
* HTML-encoded string, so this function can be called independently when the * HTML-encoded string, so this function can be called independently when the
* output needs to be a plain-text string for passing to functions that will * output needs to be a plain-text string for passing to functions that will
* call \Drupal\Component\Utility\SafeMarkup::checkPlain() separately. * call \Drupal\Component\Utility\Html::escape() separately.
* *
* @param string $uri * @param string $uri
* A plain-text URI that might contain dangerous protocols. * A plain-text URI that might contain dangerous protocols.
......
...@@ -106,7 +106,7 @@ public static function filter($string, array $html_tags = NULL) { ...@@ -106,7 +106,7 @@ public static function filter($string, array $html_tags = NULL) {
* *
* Use only for fields where it is impractical to use the * Use only for fields where it is impractical to use the
* whole filter system, but where some (mainly inline) mark-up * whole filter system, but where some (mainly inline) mark-up
* is desired (so \Drupal\Component\Utility\SafeMarkup::checkPlain() is * is desired (so \Drupal\Component\Utility\Html::escape() is
* not acceptable). * not acceptable).
* *
* Allows all tags that can be used inside an HTML body, save * Allows all tags that can be used inside an HTML body, save
......
...@@ -17,18 +17,20 @@ interface TitleResolverInterface { ...@@ -17,18 +17,20 @@ interface TitleResolverInterface {
/** /**
* Returns a static or dynamic title for the route. * Returns a static or dynamic title for the route.
* *
* The returned title string must be safe to output in HTML. For example, an * If the returned title can contain HTML that should not be escaped it should
* implementation should call \Drupal\Component\Utility\SafeMarkup::checkPlain() * return a render array, for example:
* or \Drupal\Component\Utility\Xss::filterAdmin() on the string, or use * @code
* appropriate placeholders to sanitize dynamic content inside a localized * ['#markup' => 'title', '#allowed_tags' => ['em']]
* string before returning it. The title may contain HTML such as EM tags. * @endcode
* If the method returns a string and it is not marked safe then it will be
* auto-escaped.
* *
* @param \Symfony\Component\HttpFoundation\Request $request * @param \Symfony\Component\HttpFoundation\Request $request
* The request object passed to the title callback. * The request object passed to the title callback.
* @param \Symfony\Component\Routing\Route $route * @param \Symfony\Component\Routing\Route $route
* The route information of the route to fetch the title. * The route information of the route to fetch the title.
* *
* @return string|null * @return array|string|null
* The title for the route. * The title for the route.
*/ */
public function getTitle(Request $request, Route $route); public function getTitle(Request $request, Route $route);
......
...@@ -7,7 +7,6 @@ ...@@ -7,7 +7,6 @@
namespace Drupal\Core\EventSubscriber; namespace Drupal\Core\EventSubscriber;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Logger\LoggerChannelFactoryInterface; use Drupal\Core\Logger\LoggerChannelFactoryInterface;
use Drupal\Core\Utility\Error; use Drupal\Core\Utility\Error;
use Symfony\Component\EventDispatcher\EventSubscriberInterface; use Symfony\Component\EventDispatcher\EventSubscriberInterface;
...@@ -45,7 +44,7 @@ public function __construct(LoggerChannelFactoryInterface $logger) { ...@@ -45,7 +44,7 @@ public function __construct(LoggerChannelFactoryInterface $logger) {
*/ */
public function on403(GetResponseForExceptionEvent $event) { public function on403(GetResponseForExceptionEvent $event) {
$request = $event->getRequest(); $request = $event->getRequest();
$this->logger->get('access denied')->warning(SafeMarkup::checkPlain($request->getRequestUri())); $this->logger->get('access denied')->warning('@uri', ['@uri' => $request->getRequestUri()]);
} }
/** /**
...@@ -56,7 +55,7 @@ public function on403(GetResponseForExceptionEvent $event) { ...@@ -56,7 +55,7 @@ public function on403(GetResponseForExceptionEvent $event) {
*/ */
public function on404(GetResponseForExceptionEvent $event) { public function on404(GetResponseForExceptionEvent $event) {
$request = $event->getRequest(); $request = $event->getRequest();
$this->logger->get('page not found')->warning(SafeMarkup::checkPlain($request->getRequestUri())); $this->logger->get('page not found')->warning('@uri', ['@uri' => $request->getRequestUri()]);
} }
/** /**
......
...@@ -7,7 +7,6 @@ ...@@ -7,7 +7,6 @@
namespace Drupal\Core\Extension; namespace Drupal\Core\Extension;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Config\ConfigFactoryInterface; use Drupal\Core\Config\ConfigFactoryInterface;
use Drupal\Core\State\StateInterface; use Drupal\Core\State\StateInterface;
...@@ -428,7 +427,7 @@ public function getName($theme) { ...@@ -428,7 +427,7 @@ public function getName($theme) {
if (!isset($themes[$theme])) { if (!isset($themes[$theme])) {
throw new \InvalidArgumentException("Requested the name of a non-existing theme $theme"); throw new \InvalidArgumentException("Requested the name of a non-existing theme $theme");
} }
return SafeMarkup::checkPlain($themes[$theme]->info['name']); return $themes[$theme]->info['name'];
} }
/** /**
......
...@@ -24,7 +24,7 @@ trait AllowedTagsXssTrait { ...@@ -24,7 +24,7 @@ trait AllowedTagsXssTrait {
* *
* Used for items entered by administrators, like field descriptions, allowed * Used for items entered by administrators, like field descriptions, allowed
* values, where some (mainly inline) mark-up may be desired (so * values, where some (mainly inline) mark-up may be desired (so
* \Drupal\Component\Utility\SafeMarkup::checkPlain() is not acceptable). * \Drupal\Component\Utility\Html::escape() is not acceptable).
* *
* @param string $string * @param string $string
* The string with raw HTML in it. * The string with raw HTML in it.
......
...@@ -5,8 +5,6 @@ ...@@ -5,8 +5,6 @@
* Callbacks and hooks related to form system. * Callbacks and hooks related to form system.
*/ */
use Drupal\Component\Utility\SafeMarkup;
/** /**
* @addtogroup callbacks * @addtogroup callbacks
* @{ * @{
...@@ -79,7 +77,7 @@ function callback_batch_operation($MULTIPLE_PARAMS, &$context) { ...@@ -79,7 +77,7 @@ function callback_batch_operation($MULTIPLE_PARAMS, &$context) {
node_save($node); node_save($node);
// Store some result for post-processing in the finished callback. // Store some result for post-processing in the finished callback.
$context['results'][] = SafeMarkup::checkPlain($node->title); $context['results'][] = $node->title;
// Update our progress information. // Update our progress information.
$context['sandbox']['progress']++; $context['sandbox']['progress']++;
......
...@@ -461,9 +461,6 @@ function hook_system_breadcrumb_alter(\Drupal\Core\Breadcrumb\Breadcrumb &$bread ...@@ -461,9 +461,6 @@ function hook_system_breadcrumb_alter(\Drupal\Core\Breadcrumb\Breadcrumb &$bread
* must be a string; other elements are more flexible, as they just need * must be a string; other elements are more flexible, as they just need
* to work as an argument for the constructor of the class * to work as an argument for the constructor of the class
* Drupal\Core\Template\Attribute($options['attributes']). * Drupal\Core\Template\Attribute($options['attributes']).
* - html: Whether or not HTML should be allowed as the link text. If FALSE,
* the text will be run through
* \Drupal\Component\Utility\SafeMarkup::checkPlain() before being output.
* *
* @see \Drupal\Core\Routing\UrlGenerator::generateFromPath() * @see \Drupal\Core\Routing\UrlGenerator::generateFromPath()
* @see \Drupal\Core\Routing\UrlGenerator::generateFromRoute() * @see \Drupal\Core\Routing\UrlGenerator::generateFromRoute()
......
...@@ -116,10 +116,7 @@ public function getPreferredAdminLangcode($fallback_to_default = TRUE); ...@@ -116,10 +116,7 @@ public function getPreferredAdminLangcode($fallback_to_default = TRUE);
* @see hook_user_format_name_alter() * @see hook_user_format_name_alter()
* *
* @return * @return
* An unsanitized string with the username to display. The code receiving * An unsanitized string with the username to display.
* this result must ensure that \Drupal\Component\Utility\SafeMarkup::checkPlain()
* is called on it before it is
* printed to the page.
*/ */
public function getUsername(); public function getUsername();
......
...@@ -164,8 +164,8 @@ public function __construct(ModuleHandlerInterface $module_handler, CacheBackend ...@@ -164,8 +164,8 @@ public function __construct(ModuleHandlerInterface $module_handler, CacheBackend
* display to a web browser. Defaults to TRUE. Developers who set this * display to a web browser. Defaults to TRUE. Developers who set this
* option to FALSE assume responsibility for running * option to FALSE assume responsibility for running
* \Drupal\Component\Utility\Xss::filter(), * \Drupal\Component\Utility\Xss::filter(),
* \Drupal\Component\Utility\SafeMarkup::checkPlain() or other appropriate * \Drupal\Component\Utility\Html::escape() or other appropriate scrubbing
* scrubbing functions before displaying data to users. * functions before displaying data to users.
* @param \Drupal\Core\Render\BubbleableMetadata $bubbleable_metadata|null * @param \Drupal\Core\Render\BubbleableMetadata $bubbleable_metadata|null
* (optional) An object to which static::generate() and the hooks and * (optional) An object to which static::generate() and the hooks and
* functions that it invokes will add their required bubbleable metadata. * functions that it invokes will add their required bubbleable metadata.
...@@ -285,8 +285,8 @@ public function scan($text) { ...@@ -285,8 +285,8 @@ public function scan($text) {
* - sanitize: A boolean flag indicating that tokens should be sanitized for * - sanitize: A boolean flag indicating that tokens should be sanitized for
* display to a web browser. Developers who set this option to FALSE assume * display to a web browser. Developers who set this option to FALSE assume
* responsibility for running \Drupal\Component\Utility\Xss::filter(), * responsibility for running \Drupal\Component\Utility\Xss::filter(),
* \Drupal\Component\Utility\SafeMarkup::checkPlain() or other appropriate * \Drupal\Component\Utility\Html::escape() or other appropriate scrubbing
* scrubbing functions before displaying data to users. * functions before displaying data to users.
* @param \Drupal\Core\Render\BubbleableMetadata $bubbleable_metadata * @param \Drupal\Core\Render\BubbleableMetadata $bubbleable_metadata
* The bubbleable metadata. This is passed to the token replacement * The bubbleable metadata. This is passed to the token replacement
* implementations so that they can attach their metadata. * implementations so that they can attach their metadata.
......
...@@ -7,6 +7,7 @@ ...@@ -7,6 +7,7 @@
namespace Drupal\block\Controller; namespace Drupal\block\Controller;
use Drupal\Component\Utility\Html;
use Drupal\Core\Controller\ControllerBase; use Drupal\Core\Controller\ControllerBase;
use Drupal\Core\Extension\ThemeHandler; use Drupal\Core\Extension\ThemeHandler;
use Drupal\Core\Extension\ThemeHandlerInterface; use Drupal\Core\Extension\ThemeHandlerInterface;
...@@ -55,7 +56,7 @@ public static function create(ContainerInterface $container) { ...@@ -55,7 +56,7 @@ public static function create(ContainerInterface $container) {
*/ */
public function demo($theme) { public function demo($theme) {
$page = [ $page = [
'#title' => $this->themeHandler->getName($theme), '#title' => Html::escape($this->themeHandler->getName($theme)),
'#type' => 'page', '#type' => 'page',
'#attached' => array( '#attached' => array(
'drupalSettings' => [ 'drupalSettings' => [
......
...@@ -7,8 +7,8 @@ ...@@ -7,8 +7,8 @@
namespace Drupal\block\Controller; namespace Drupal\block\Controller;
use Drupal\Component\Utility\Html;
use Drupal\Core\Block\BlockManagerInterface; use Drupal\Core\Block\BlockManagerInterface;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\DependencyInjection\ContainerInjectionInterface; use Drupal\Core\DependencyInjection\ContainerInjectionInterface;
use Symfony\Component\DependencyInjection\ContainerInterface; use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\JsonResponse;
...@@ -59,7 +59,7 @@ public function autocomplete(Request $request) { ...@@ -59,7 +59,7 @@ public function autocomplete(Request $request) {
$matches = array(); $matches = array();
foreach ($this->blockManager->getCategories() as $category) { foreach ($this->blockManager->getCategories() as $category) {
if (stripos($category, $typed_category) === 0) { if (stripos($category, $typed_category) === 0) {
$matches[] = array('value' => $category, 'label' => SafeMarkup::checkPlain($category)); $matches[] = array('value' => $category, 'label' => Html::escape($category));
} }
} }
return new JsonResponse($matches); return new JsonResponse($matches);
......
...@@ -86,6 +86,10 @@ public function testBlockDemoUiPage() { ...@@ -86,6 +86,10 @@ public function testBlockDemoUiPage() {
$this->clickLink(t('Demonstrate block regions (@theme)', array('@theme' => 'Classy'))); $this->clickLink(t('Demonstrate block regions (@theme)', array('@theme' => 'Classy')));
$elements = $this->xpath('//div[contains(@class, "region-highlighted")]/div[contains(@class, "block-region") and contains(text(), :title)]', array(':title' => 'Highlighted')); $elements = $this->xpath('//div[contains(@class, "region-highlighted")]/div[contains(@class, "block-region") and contains(text(), :title)]', array(':title' => 'Highlighted'));
$this->assertTrue(!empty($elements), 'Block demo regions are shown.'); $this->assertTrue(!empty($elements), 'Block demo regions are shown.');
\Drupal::service('theme_handler')->install(array('test_theme'));
$this->drupalGet('admin/structure/block/demo/test_theme');
$this->assertEscaped('<strong>Test theme</strong>');
} }
/** /**
......
...@@ -7,8 +7,8 @@ ...@@ -7,8 +7,8 @@
namespace Drupal\Tests\block\Unit; namespace Drupal\Tests\block\Unit;
use Drupal\Component\Utility\Html;
use Drupal\block\Controller\CategoryAutocompleteController; use Drupal\block\Controller\CategoryAutocompleteController;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Tests\UnitTestCase; use Drupal\Tests\UnitTestCase;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
...@@ -48,7 +48,7 @@ protected function setUp() { ...@@ -48,7 +48,7 @@ protected function setUp() {
*/ */
public function testAutocompleteSuggestions($string, $suggestions) { public function testAutocompleteSuggestions($string, $suggestions) {
$suggestions = array_map(function ($suggestion) { $suggestions = array_map(function ($suggestion) {
return array('value' => $suggestion, 'label' => SafeMarkup::checkPlain($suggestion)); return array('value' => $suggestion, 'label' => Html::escape($suggestion));
}, $suggestions); }, $suggestions);
$result = $this->autocompleteController->autocomplete(new Request(array('q' => $string))); $result = $this->autocompleteController->autocomplete(new Request(array('q' => $string)));
$this->assertSame($suggestions, json_decode($result->getContent(), TRUE)); $this->assertSame($suggestions, json_decode($result->getContent(), TRUE));
......
...@@ -16,7 +16,6 @@ ...@@ -16,7 +16,6 @@
use Drupal\comment\Entity\CommentType; use Drupal\comment\Entity\CommentType;
use Drupal\Core\Entity\FieldableEntityInterface; use Drupal\Core\Entity\FieldableEntityInterface;
use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface; use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityInterface; use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Form\FormStateInterface; use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Routing\RouteMatchInterface; use Drupal\Core\Routing\RouteMatchInterface;
...@@ -579,7 +578,7 @@ function comment_preview(CommentInterface $comment, FormStateInterface $form_sta ...@@ -579,7 +578,7 @@ function comment_preview(CommentInterface $comment, FormStateInterface $form_sta
if (!empty($account) && $account->isAuthenticated()) { if (!empty($account) && $account->isAuthenticated()) {
$comment->setOwner($account); $comment->setOwner($account);
$comment->setAuthorName(SafeMarkup::checkPlain($account->getUsername())); $comment->setAuthorName($account->getUsername());
} }
elseif (empty($author_name)) { elseif (empty($author_name)) {
$comment->setAuthorName(\Drupal::config('user.settings')->get('anonymous')); $comment->setAuthorName(\Drupal::config('user.settings')->get('anonymous'));
......
...@@ -7,7 +7,6 @@ ...@@ -7,7 +7,6 @@
namespace Drupal\comment\Plugin\views\argument; namespace Drupal\comment\Plugin\views\argument;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Database\Connection; use Drupal\Core\Database\Connection;
use Drupal\views\Plugin\views\argument\ArgumentPluginBase; use Drupal\views\Plugin\views\argument\ArgumentPluginBase;
use Symfony\Component\DependencyInjection\ContainerInterface; use Symfony\Component\DependencyInjection\ContainerInterface;
...@@ -65,7 +64,7 @@ function title() { ...@@ -65,7 +64,7 @@ function title() {
return $this->t('No user'); return $this->t('No user');
} }
return SafeMarkup::checkPlain($title); return $title;
} }
protected function defaultActions($which = NULL) { protected function defaultActions($which = NULL) {
......
...@@ -8,6 +8,7 @@ ...@@ -8,6 +8,7 @@
namespace Drupal\comment\Tests; namespace Drupal\comment\Tests;
use Drupal\comment\CommentManagerInterface; use Drupal\comment\CommentManagerInterface;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Datetime\DrupalDateTime; use Drupal\Core\Datetime\DrupalDateTime;
use Drupal\comment\Entity\Comment; use Drupal\comment\Entity\Comment;
...@@ -39,17 +40,31 @@ function testCommentPreview() { ...@@ -39,17 +40,31 @@ function testCommentPreview() {
$this->setCommentSettings('default_mode', CommentManagerInterface::COMMENT_MODE_THREADED, 'Comment paging changed.'); $this->setCommentSettings('default_mode', CommentManagerInterface::COMMENT_MODE_THREADED, 'Comment paging changed.');
$this->drupalLogout(); $this->drupalLogout();
// Login as web user and add a user picture. // Login as web user.
$this->drupalLogin($this->webUser); $this->drupalLogin($this->webUser);
$image = current($this->drupalGetTestFiles('image'));
$edit['files[user_picture_0]'] = drupal_realpath($image->uri);
$this->drupalPostForm('user/' . $this->webUser->id() . '/edit', $edit, t('Save'));
// As the web user, fill in the comment form and preview the comment. // Test escaping of the username on the preview form.
\Drupal::service('module_installer')->install(['user_hooks_test']);
\Drupal::state()->set('user_hooks_test_user_format_name_alter', TRUE);
$edit = array(); $edit = array();
$edit['subject[0][value]'] = $this->randomMachineName(8); $edit['subject[0][value]'] = $this->randomMachineName(8);
$edit['comment_body[0][value]'] = $this->randomMachineName(16); $edit['comment_body[0][value]'] = $this->randomMachineName(16);
$this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview')); $this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview'));
$this->assertEscaped('<em>' . $this->webUser->id() . '</em>');
\Drupal::state()->set('user_hooks_test_user_format_name_alter_safe', TRUE);
$this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview'));
$this->assertTrue(SafeMarkup::isSafe($this->webUser->getUsername()), 'Username is marked safe');
$this->assertNoEscaped('<em>' . $this->webUser->id() . '</em>');
$this->assertRaw('<em>' . $this->webUser->id() . '</em>');
// Add a user picture.
$image = current($this->drupalGetTestFiles('image'));
$user_edit['files[user_picture_0]'] = drupal_realpath($image->uri);
$this->drupalPostForm('user/' . $this->webUser->id() . '/edit', $user_edit, t('Save'));
// As the web user, fill in the comment form and preview the comment.
$this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview'));
// Check that the preview is displaying the title and body. // Check that the preview is displaying the title and body.
$this->assertTitle(t('Preview comment | Drupal'), 'Page title is "Preview comment".'); $this->assertTitle(t('Preview comment | Drupal'), 'Page title is "Preview comment".');
......
...@@ -7,7 +7,6 @@ ...@@ -7,7 +7,6 @@
namespace Drupal\field_ui\Form; namespace Drupal\field_ui\Form;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityForm; use Drupal\Core\Entity\EntityForm;
use Drupal\Core\Field\AllowedTagsXssTrait; use Drupal\Core\Field\AllowedTagsXssTrait;
use Drupal\Core\Field\FieldFilteredString; use Drupal\Core\Field\FieldFilteredString;
...@@ -203,7 +202,7 @@ public function save(array $form, FormStateInterface $form_state) { ...@@ -203,7 +202,7 @@ public function save(array $form, FormStateInterface $form_state) {
* The label of the field. * The label of the field.
*/ */
public function getTitle(FieldConfigInterface $field_config) { public function getTitle(FieldConfigInterface $field_config) {
return SafeMarkup::checkPlain($field_config->label()); return $field_config->label();
} }
} }
...@@ -80,8 +80,8 @@ protected function setUp() { ...@@ -80,8 +80,8 @@ protected function setUp() {
$type = $this->drupalCreateContentType(array('name' => $type_name, 'type' => $type_name)); $type = $this->drupalCreateContentType(array('name' => $type_name, 'type' => $type_name));
$this->contentType = $type->id(); $this->contentType = $type->id();
// Create random field name. // Create random field name with markup to test escaping.
$this->fieldLabel = $this->randomMachineName(8); $this->fieldLabel = '<em>' . $this->randomMachineName(8) . '</em>';
$this->fieldNameInput = strtolower($this->randomMachineName(8)); $this->fieldNameInput = strtolower($this->randomMachineName(8));
$this->fieldName = 'field_'. $this->fieldNameInput; $this->fieldName = 'field_'. $this->fieldNameInput;
...@@ -194,6 +194,7 @@ function updateField() { ...@@ -194,6 +194,7 @@ function updateField() {
$field_id = 'node.' . $this->contentType . '.' . $this->fieldName; $field_id = 'node.' . $this->contentType . '.' . $this->fieldName;
// Go to the field edit page. // Go to the field edit page.
$this->drupalGet('admin/structure/types/manage/' . $this->contentType . '/fields/' . $field_id . '/storage'); $this->drupalGet('admin/structure/types/manage/' . $this->contentType . '/fields/' . $field_id . '/storage');
$this->assertEscaped($this->fieldLabel);
// Populate the field settings with new settings. // Populate the field settings with new settings.
$string = 'updated dummy test string'; $string = 'updated dummy test string';
......
...@@ -479,8 +479,6 @@ function testNoFollowFilter() { ...@@ -479,8 +479,6 @@ function testNoFollowFilter() {
/** /**
* Tests the HTML escaping filter. * Tests the HTML escaping filter.
*
* \Drupal\Component\Utility\SafeMarkup::checkPlain() is not tested here.
*/ */
function testHtmlEscapeFilter() { function testHtmlEscapeFilter() {
// Get FilterHtmlEscape object. // Get FilterHtmlEscape object.
......
...@@ -7,7 +7,6 @@ ...@@ -7,7 +7,6 @@
namespace Drupal\node\Controller; namespace Drupal\node\Controller;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityInterface; use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\Controller\EntityViewController; use Drupal\Core\Entity\Controller\EntityViewController;
...@@ -61,7 +60,7 @@ public function view(EntityInterface $node_preview, $view_mode_id = 'full', $lan ...@@ -61,7 +60,7 @@ public function view(EntityInterface $node_preview, $view_mode_id = 'full', $lan
* The page title. * The page title.
*/ */
public function title(EntityInterface $node_preview) { public function title(EntityInterface $node_preview) {
return SafeMarkup::checkPlain($this->entityManager->getTranslationFromContext($node_preview)->label()); return $this->entityManager->getTranslationFromContext($node_preview)->label();
} }
} }
...@@ -7,7 +7,6 @@ ...@@ -7,7 +7,6 @@
namespace Drupal\node\Plugin\views\argument; namespace Drupal\node\Plugin\views\argument;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityStorageInterface; use Drupal\Core\Entity\EntityStorageInterface;
use Drupal\views\Plugin\views\argument\StringArgument; use Drupal\views\Plugin\views\argument\StringArgument;
use Symfony\Component\DependencyInjection\ContainerInterface; use Symfony\Component\DependencyInjection\ContainerInterface;
...@@ -76,7 +75,7 @@ function title() { ...@@ -76,7 +75,7 @@ function title() {
function node_type($type_name) { function node_type($type_name) {
$type = $this->nodeTypeStorage->load($type_name); $type = $this->nodeTypeStorage->load($type_name);
$output = $type ? $type->label() : $this->t('Unknown content type'); $output = $type ? $type->label() : $this->t('Unknown content type');
return SafeMarkup::checkPlain($output); return $output;
} }