From 91cd1ab5e490df3b928bc59b5ee85313cc4886dc Mon Sep 17 00:00:00 2001
From: nod_ <nod_@598310.no-reply.drupal.org>
Date: Thu, 12 Sep 2024 09:50:12 +0200
Subject: [PATCH] Issue #3464340 by herved, ahsannazir, smustgrave, longwave,
 nod_: JS errors from Drupal.behaviors.activeLinks (... is not a valid
 selector)

---
 core/misc/active-link.js                      |  6 ++--
 .../FunctionalJavascript/ActiveLinkTest.php   | 33 +++++++++++++++++++
 2 files changed, 36 insertions(+), 3 deletions(-)
 create mode 100644 core/modules/system/tests/src/FunctionalJavascript/ActiveLinkTest.php

diff --git a/core/misc/active-link.js b/core/misc/active-link.js
index e3ca0e239a9a..464e9a4044f0 100644
--- a/core/misc/active-link.js
+++ b/core/misc/active-link.js
@@ -23,11 +23,11 @@
       // Start by finding all potentially active links.
       const path = drupalSettings.path;
       const queryString = JSON.stringify(path.currentQuery);
-      const querySelector = path.currentQuery
-        ? `[data-drupal-link-query='${queryString}']`
+      const querySelector = queryString
+        ? `[data-drupal-link-query="${CSS.escape(queryString)}"]`
         : ':not([data-drupal-link-query])';
       const originalSelectors = [
-        `[data-drupal-link-system-path="${path.currentPath}"]`,
+        `[data-drupal-link-system-path="${CSS.escape(path.currentPath)}"]`,
       ];
       let selectors;
 
diff --git a/core/modules/system/tests/src/FunctionalJavascript/ActiveLinkTest.php b/core/modules/system/tests/src/FunctionalJavascript/ActiveLinkTest.php
new file mode 100644
index 000000000000..5d2a2848aa04
--- /dev/null
+++ b/core/modules/system/tests/src/FunctionalJavascript/ActiveLinkTest.php
@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Drupal\Tests\system\FunctionalJavascript;
+
+use Drupal\FunctionalJavascriptTests\WebDriverTestBase;
+
+/**
+ * Tests active link JS behavior.
+ *
+ * @see Drupal.behaviors.activeLinks
+ *
+ * @group system
+ */
+class ActiveLinkTest extends WebDriverTestBase {
+
+  /**
+   * {@inheritdoc}
+   */
+  protected $defaultTheme = 'stark';
+
+  /**
+   * Ensures no JS error is thrown with query strings containing special chars.
+   */
+  public function testQueryStringQuotes(): void {
+    $user = $this->createUser();
+    $this->drupalLogin($user);
+    $this->drupalGet($this->getSession()->getCurrentUrl(), ['query' => ['foo' => "\"'[](){}*+~>|\\/:;,.!@#$%^&-_=?<>"]]);
+    $this->failOnJavaScriptErrors();
+  }
+
+}
-- 
GitLab