Commit 966c3302 authored by alexpott

Issue #1919338 by catch, swentel, bblake, EllaTheHarpy, Cottser: Select widget...

Issue #1919338 by catch, swentel, bblake, EllaTheHarpy, Cottser: Select widget (from the options module) prone to double encoding.
parent 92c6c84d
......@@ -48,7 +48,7 @@ public function formElement(FieldItemListInterface $items, $delta, array $elemen
*/
static protected function sanitizeLabel(&$label) {
// Select form inputs allow unencoded HTML entities, but no HTML tags.
$label = strip_tags($label);
$label = decode_entities(strip_tags($label));
}
/**
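Review bot: The comment above the changed line in sanitizeLabel() still describes the old contract and does not say that the result is no longer markup-safe. After `decode_entities(strip_tags($label))` an encoded `&lt;` in the stored label becomes a literal `<`, so the label is plain text and is only safe if the select element escapes option text exactly once on output. The commit title suggests it does, but that is not visible in this hunk. I would state the contract in the comment, e.g. `// Returns plain text (tags stripped, entities decoded); the select element must escape it on output.` The docblock of sanitizeLabel() starts outside the hunk.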
......
......@@ -69,7 +69,7 @@ function setUp() {
'cardinality' => 1,
'settings' => array(
// Make sure that 0 works as an option.
'allowed_values' => array(0 => 'Zero', 1 => 'One', 2 => 'Some <script>dangerous</script> & unescaped <strong>markup</strong>'),
'allowed_values' => array(0 => 'Zero', 1 => 'One', 2 => 'Some <script>dangerous</script> & unescaped <strong>markup</strong>', 3 => 'Some HTML encoded markup with &lt; &amp; &gt;'),
),
));
$this->card_1->save();
......@@ -135,6 +135,7 @@ function testRadioButtons() {
$this->assertNoFieldChecked('edit-card-1-1');
$this->assertNoFieldChecked('edit-card-1-2');
$this->assertRaw('Some dangerous &amp; unescaped <strong>markup</strong>', 'Option text was properly filtered.');
$this->assertRaw('Some HTML encoded markup with &lt; &amp; &gt;');
// Select first option.
$edit = array('card_1' => 0);
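Review bot: The added `$this->assertRaw('Some HTML encoded markup with &lt; &amp; &gt;');` may not exercise the changed code. It sits directly after the assertion that still expects `<strong>` in the output, and the hunk header names testRadioButtons(), so it appears to run against the buttons widget rather than the select widget whose sanitizeLabel() this commit changes. If so, it would pass with or without the fix, and the same check belongs in the select-list test, where double encoding would show up as `&amp;lt;`. It should also carry a message like its neighbour, e.g. `$this->assertRaw('Some HTML encoded markup with &lt; &amp; &gt;', 'Encoded option text is not double encoded.');`. The test method continues outside the hunk, so coverage elsewhere in the file cannot be ruled out from here.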
......