Issue #3048707 by Daniel Korte, Lendude: Views AJAX arguments are not HTML decoded

(cherry picked from commit 5ad7fe32)

core/modules/views/src/Controller/ViewAjaxController.php

@@ -2,6 +2,7 @@
 
 namespace Drupal\views\Controller;
 
+use Drupal\Component\Utility\Html;
 use Drupal\Component\Utility\UrlHelper;
 use Drupal\Core\Ajax\ReplaceCommand;
 use Drupal\Core\DependencyInjection\ContainerInjectionInterface;
@@ -113,7 +114,7 @@ public function ajaxView(Request $request) {
     $name = $request->request->get('view_name');
     $display_id = $request->request->get('view_display_id');
     if (isset($name) && isset($display_id)) {
-      $args = $request->request->get('view_args');
+      $args = Html::decodeEntities($request->request->get('view_args'));
       $args = isset($args) && $args !== '' ? explode('/', $args) : [];
 
       // Arguments can be empty, make sure they are passed on as NULL so that

core/modules/views/tests/src/Unit/Controller/ViewAjaxControllerTest.php

@@ -260,6 +260,26 @@ public function testAjaxViewWithEmptyArguments() {
     $this->assertViewResultCommand($response);
   }
 
+  /**
+   * Tests a valid view with arguments.
+   */
+  public function testAjaxViewWithHtmlEntityArguments() {
+    $request = new Request();
+    $request->request->set('view_name', 'test_view');
+    $request->request->set('view_display_id', 'page_1');
+    $request->request->set('view_args', 'arg1 & arg2/arg3');
+
+    list($view, $executable) = $this->setupValidMocks();
+    $executable->expects($this->once())
+      ->method('preview')
+      ->with('page_1', ['arg1 & arg2', 'arg3']);
+
+    $response = $this->viewAjaxController->ajaxView($request);
+    $this->assertTrue($response instanceof ViewAjaxResponse);
+
+    $this->assertViewResultCommand($response);
+  }
+
   /**
    * Tests a valid view with a pager.
    */