Issue #2457781 by prateekMehta, stefan.r, AjitS, hussainweb: Use Utility\Html...

Issue #2457781 by prateekMehta, stefan.r, AjitS, hussainweb: Use Utility\Html class instead of Utility\String for decodeEntities() function

core/lib/Drupal/Component/Utility/UrlHelper.php

@@ -271,7 +271,7 @@ public static function externalIsLocal($url, $base_url) {
   public static function filterBadProtocol($string) {
     // Get the plain text representation of the attribute value (i.e. its
     // meaning).
-    $string = String::decodeEntities($string);
+    $string = Html::decodeEntities($string);
     return SafeMarkup::checkPlain(static::stripDangerousProtocols($string));
   }
 

core/lib/Drupal/Core/Entity/EntityAutocompleteMatcher.php

@@ -7,7 +7,7 @@
 
 namespace Drupal\Core\Entity;
 
-use Drupal\Component\Utility\String;
+use Drupal\Component\Utility\Html;
 use Drupal\Component\Utility\Tags;
 use Drupal\Core\Entity\EntityReferenceSelection\SelectionPluginManagerInterface;
 
@@ -75,7 +75,7 @@ public function getMatches($target_type, $selection_handler, $selection_settings
           $key = "$label ($entity_id)";
           // Strip things like starting/trailing white spaces, line breaks and
           // tags.
-          $key = preg_replace('/\s\s+/', ' ', str_replace("\n", '', trim(String::decodeEntities(strip_tags($key)))));
+          $key = preg_replace('/\s\s+/', ' ', str_replace("\n", '', trim(Html::decodeEntities(strip_tags($key)))));
           // Names containing commas or quotes must be wrapped in quotes.
           $key = Tags::encode($key);
           $matches[] = array('value' => $key, 'label' => $label);

core/lib/Drupal/Core/Field/Plugin/Field/FieldWidget/OptionsSelectWidget.php

@@ -7,7 +7,7 @@
 
 namespace Drupal\Core\Field\Plugin\Field\FieldWidget;
 
-use Drupal\Component\Utility\String;
+use Drupal\Component\Utility\Html;
 use Drupal\Core\Field\FieldItemListInterface;
 use Drupal\Core\Form\FormStateInterface;
 
@@ -49,7 +49,7 @@ public function formElement(FieldItemListInterface $items, $delta, array $elemen
    */
   protected function sanitizeLabel(&$label) {
     // Select form inputs allow unencoded HTML entities, but no HTML tags.
-    $label = String::decodeEntities(strip_tags($label));
+    $label = Html::decodeEntities(strip_tags($label));
   }
 
   /**

core/lib/Drupal/Core/Mail/MailFormatHelper.php

@@ -8,7 +8,6 @@
 namespace Drupal\Core\Mail;
 
 use Drupal\Component\Utility\Html;
-use Drupal\Component\Utility\String;
 use Drupal\Component\Utility\Unicode;
 use Drupal\Component\Utility\Xss;
 use Drupal\Core\Site\Settings;
@@ -264,7 +263,7 @@ public static function htmlToText($string, $allowed_tags = NULL) {
       else {
         // Convert inline HTML text to plain text; not removing line-breaks or
         // white-space, since that breaks newlines when sanitizing plain-text.
-        $value = trim(String::decodeEntities($value));
+        $value = trim(Html::decodeEntities($value));
         if (Unicode::strlen($value)) {
           $chunk = $value;
         }

core/modules/comment/src/CommentForm.php

@@ -9,7 +9,6 @@
 
 use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
 use Drupal\Component\Utility\Html;
-use Drupal\Component\Utility\String;
 use Drupal\Component\Utility\Unicode;
 use Drupal\Core\Cache\Cache;
 use Drupal\Core\Datetime\DrupalDateTime;
@@ -293,7 +292,7 @@ public function buildEntity(array $form, FormStateInterface $form_state) {
       // 2) Strip out all HTML tags
       // 3) Convert entities back to plain-text.
       $comment_text = $comment->comment_body->processed;
-      $comment->setSubject(Unicode::truncate(trim(String::decodeEntities(strip_tags($comment_text))), 29, TRUE));
+      $comment->setSubject(Unicode::truncate(trim(Html::decodeEntities(strip_tags($comment_text))), 29, TRUE));
       // Edge cases where the comment body is populated only by HTML tags will
       // require a default subject.
       if ($comment->getSubject() == '') {

core/modules/contextual/src/Plugin/views/field/ContextualLinks.php

@@ -8,7 +8,7 @@
 namespace Drupal\contextual\Plugin\views\field;
 
 use Drupal\Component\Serialization\Json;
-use Drupal\Component\Utility\String;
+use Drupal\Component\Utility\Html;
 use Drupal\Component\Utility\UrlHelper;
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Url;
@@ -112,7 +112,7 @@ public function render(ResultRow $values) {
       if (!empty($title) && !empty($path)) {
         // Make sure that tokens are replaced for this paths as well.
         $tokens = $this->getRenderTokens(array());
-        $path = strip_tags(String::decodeEntities(strtr($path, $tokens)));
+        $path = strip_tags(Html::decodeEntities(strtr($path, $tokens)));
 
         $links[$field] = array(
           'href' => $path,

core/modules/filter/filter.module

@@ -7,7 +7,6 @@
 
 use Drupal\Component\Utility\Html;
 use Drupal\Component\Utility\Unicode;
-use Drupal\Component\Utility\String;
 use Drupal\Component\Utility\SafeMarkup;
 use Drupal\Component\Utility\Xss;
 use Drupal\Core\Cache\Cache;
@@ -652,7 +651,7 @@ function _filter_url_parse_full_links($match) {
   // The $i:th parenthesis in the regexp contains the URL.
   $i = 1;
 
-  $match[$i] = String::decodeEntities($match[$i]);
+  $match[$i] = Html::decodeEntities($match[$i]);
   $caption = SafeMarkup::checkPlain(_filter_url_trim($match[$i]));
   $match[$i] = SafeMarkup::checkPlain($match[$i]);
   return '<a href="' . $match[$i] . '">' . $caption . '</a>';
@@ -667,7 +666,7 @@ function _filter_url_parse_email_links($match) {
   // The $i:th parenthesis in the regexp contains the URL.
   $i = 0;
 
-  $match[$i] = String::decodeEntities($match[$i]);
+  $match[$i] = Html::decodeEntities($match[$i]);
   $caption = SafeMarkup::checkPlain(_filter_url_trim($match[$i]));
   $match[$i] = SafeMarkup::checkPlain($match[$i]);
   return '<a href="mailto:' . $match[$i] . '">' . $caption . '</a>';
@@ -682,7 +681,7 @@ function _filter_url_parse_partial_links($match) {
   // The $i:th parenthesis in the regexp contains the URL.
   $i = 1;
 
-  $match[$i] = String::decodeEntities($match[$i]);
+  $match[$i] = Html::decodeEntities($match[$i]);
   $caption = SafeMarkup::checkPlain(_filter_url_trim($match[$i]));
   $match[$i] = SafeMarkup::checkPlain($match[$i]);
   return '<a href="http://' . $match[$i] . '">' . $caption . '</a>';

core/modules/filter/src/Plugin/Filter/FilterCaption.php

@@ -9,7 +9,6 @@
 
 use Drupal\Component\Utility\Html;
 use Drupal\Component\Utility\SafeMarkup;
-use Drupal\Component\Utility\String;
 use Drupal\Component\Utility\Unicode;
 use Drupal\Component\Utility\Xss;
 use Drupal\filter\FilterProcessResult;
@@ -45,7 +44,7 @@ public function process($text, $langcode) {
 
         // Sanitize caption: decode HTML encoding, limit allowed HTML tags; only
         // allow inline tags that are allowed by default, plus <br>.
-        $caption = String::decodeEntities($caption);
+        $caption = Html::decodeEntities($caption);
         $caption = Xss::filter($caption, array('a', 'em', 'strong', 'cite', 'code', 'br'));
 
         // The caption must be non-empty.

core/modules/filter/src/Tests/FilterUnitTest.php

@@ -8,7 +8,6 @@
 namespace Drupal\filter\Tests;
 
 use Drupal\Component\Utility\Html;
-use Drupal\Component\Utility\String;
 use Drupal\Component\Utility\SafeMarkup;
 use Drupal\filter\FilterPluginCollection;
 use Drupal\simpletest\KernelTestBase;
@@ -1023,7 +1022,7 @@ function testHtmlCorrectorFilter() {
    *   TRUE on pass, FALSE on fail.
    */
   function assertNormalized($haystack, $needle, $message = '', $group = 'Other') {
-    return $this->assertTrue(strpos(strtolower(String::decodeEntities($haystack)), $needle) !== FALSE, $message, $group);
+    return $this->assertTrue(strpos(strtolower(Html::decodeEntities($haystack)), $needle) !== FALSE, $message, $group);
   }
 
   /**
@@ -1047,6 +1046,6 @@ function assertNormalized($haystack, $needle, $message = '', $group = 'Other') {
    *   TRUE on pass, FALSE on fail.
    */
   function assertNoNormalized($haystack, $needle, $message = '', $group = 'Other') {
-    return $this->assertTrue(strpos(strtolower(String::decodeEntities($haystack)), $needle) === FALSE, $message, $group);
+    return $this->assertTrue(strpos(strtolower(Html::decodeEntities($haystack)), $needle) === FALSE, $message, $group);
   }
 }

core/modules/locale/locale.module

@@ -11,7 +11,7 @@
  */
 
 use Drupal\Component\Serialization\Json;
-use Drupal\Component\Utility\String;
+use Drupal\Component\Utility\Html;
 use Drupal\Component\Utility\UrlHelper;
 use Drupal\Component\Utility\Xss;
 use Drupal\Core\Url;
@@ -1028,7 +1028,7 @@ function locale_translation_use_remote_source() {
  * layout issues (div) or a possible attack vector (img).
  */
 function locale_string_is_safe($string) {
-  return String::decodeEntities($string) == String::decodeEntities(Xss::filter($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'ins', 'kbd', 'li', 'ol', 'p', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var')));
+  return Html::decodeEntities($string) == Html::decodeEntities(Xss::filter($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'ins', 'kbd', 'li', 'ol', 'p', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var')));
 }
 
 /**

core/modules/search/search.module

@@ -6,7 +6,7 @@
  */
 
 use Drupal\Component\Utility\SafeMarkup;
-use Drupal\Component\Utility\String;
+use Drupal\Component\Utility\Html;
 use Drupal\Component\Utility\Unicode;
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Routing\RouteMatchInterface;
@@ -236,7 +236,7 @@ function search_update_totals() {
  */
 function search_simplify($text, $langcode = NULL) {
   // Decode entities to UTF-8
-  $text = String::decodeEntities($text);
+  $text = Html::decodeEntities($text);
 
   // Lowercase
   $text = Unicode::strtolower($text);
@@ -599,7 +599,7 @@ function search_excerpt($keys, $text, $langcode = NULL) {
 
   // Prepare text by stripping HTML tags and decoding HTML entities.
   $text = strip_tags(str_replace(array('<', '>'), array(' <', '> '), $text));
-  $text = String::decodeEntities($text);
+  $text = Html::decodeEntities($text);
   $text_length = strlen($text);
 
   // Make a list of unique keywords that are actually found in the text,

core/modules/search/src/Tests/SearchPageTextTest.php

@@ -7,7 +7,7 @@
 
 namespace Drupal\search\Tests;
 
-use Drupal\Component\Utility\String;
+use Drupal\Component\Utility\Html;
 use Drupal\Component\Utility\Unicode;
 
 /**
@@ -68,7 +68,7 @@ function testSearchText() {
     $edit['keys'] = $search_terms;
     $this->drupalPostForm('search/node', $edit, t('Search'));
     $actual_title = (string) current($this->xpath('//title'));
-    $this->assertEqual($actual_title, String::decodeEntities(t($title_source, array('@keywords' => Unicode::truncate($search_terms, 60, TRUE, TRUE)))), 'Search page title is correct');
+    $this->assertEqual($actual_title, Html::decodeEntities(t($title_source, array('@keywords' => Unicode::truncate($search_terms, 60, TRUE, TRUE)))), 'Search page title is correct');
 
     $edit['keys'] = $this->searchingUser->getUsername();
     $this->drupalPostForm('search/user', $edit, t('Search'));

core/modules/simpletest/src/WebTestBase.php

@@ -10,8 +10,8 @@
 use Drupal\Component\Serialization\Json;
 use Drupal\Component\Serialization\Yaml;
 use Drupal\Component\Utility\Crypt;
+use Drupal\Component\Utility\Html;
 use Drupal\Component\Utility\NestedArray;
-use Drupal\Component\Utility\String;
 use Drupal\Core\Cache\Cache;
 use Drupal\Component\Utility\SafeMarkup;
 use Drupal\Core\DependencyInjection\YamlFileLoader;
@@ -2083,7 +2083,7 @@ protected function checkForMetaRefresh() {
         // Parse the content attribute of the meta tag for the format:
         // "[delay]: URL=[page_to_redirect_to]".
         if (preg_match('/\d+;\s*URL=(?<url>.*)/i', $refresh[0]['content'], $match)) {
-          return $this->drupalGet($this->getAbsoluteUrl(String::decodeEntities($match['url'])));
+          return $this->drupalGet($this->getAbsoluteUrl(Html::decodeEntities($match['url'])));
         }
       }
     }

core/modules/views/src/Plugin/views/display/DisplayPluginBase.php

@@ -9,7 +9,6 @@
 
 use Drupal\Component\Plugin\DependentPluginInterface;
 use Drupal\Component\Utility\Html;
-use Drupal\Component\Utility\String;
 use Drupal\Component\Utility\Unicode;
 use Drupal\Component\Utility\SafeMarkup;
 use Drupal\Core\Cache\Cache;
@@ -1063,7 +1062,7 @@ public function getArgumentsTokens() {
        // Use strip tags as there should never be HTML in the path.
        // However, we need to preserve special characters like " that
        // were removed by SafeMarkup::checkPlain().
-      $tokens["!$count"] = isset($this->view->args[$count - 1]) ? strip_tags(String::decodeEntities($this->view->args[$count - 1])) : '';
+      $tokens["!$count"] = isset($this->view->args[$count - 1]) ? strip_tags(Html::decodeEntities($this->view->args[$count - 1])) : '';
     }
 
     return $tokens;

core/modules/views/src/Plugin/views/field/FieldPluginBase.php

@@ -10,7 +10,6 @@
 use Drupal\Component\Utility\Html;
 use Drupal\Component\Utility\NestedArray;
 use Drupal\Component\Utility\SafeMarkup;
-use Drupal\Component\Utility\String;
 use Drupal\Component\Utility\Unicode;
 use Drupal\Component\Utility\UrlHelper;
 use Drupal\Component\Utility\Xss;
@@ -1239,7 +1238,7 @@ public function renderText($alter) {
         $more_link_text = $this->options['alter']['more_link_text'] ? $this->options['alter']['more_link_text'] : $this->t('more');
         $more_link_text = strtr(Xss::filterAdmin($more_link_text), $tokens);
         $more_link_path = $this->options['alter']['more_link_path'];
-        $more_link_path = strip_tags(String::decodeEntities($this->viewsTokenReplace($more_link_path, $tokens)));
+        $more_link_path = strip_tags(Html::decodeEntities($this->viewsTokenReplace($more_link_path, $tokens)));
 
         // Make sure that paths which were run through _url() work as well.
         $base_path = base_path();
@@ -1340,7 +1339,7 @@ protected function renderAsLink($alter, $text, $tokens) {
       // Use strip tags as there should never be HTML in the path.
       // However, we need to preserve special characters like " that
       // were removed by SafeMarkup::checkPlain().
-      $path = strip_tags(String::decodeEntities($this->viewsTokenReplace($path, $tokens)));
+      $path = strip_tags(Html::decodeEntities($this->viewsTokenReplace($path, $tokens)));
 
       if (!empty($alter['path_case']) && $alter['path_case'] != 'none' && !$alter['url']->isRouted()) {
         $path = str_replace($alter['path'], $this->caseTransform($alter['path'], $this->options['alter']['path_case']), $path);
@@ -1413,7 +1412,7 @@ protected function renderAsLink($alter, $text, $tokens) {
     $alt = $this->viewsTokenReplace($alter['alt'], $tokens);
     // Set the title attribute of the link only if it improves accessibility
     if ($alt && $alt != $text) {
-      $options['attributes']['title'] = String::decodeEntities($alt);
+      $options['attributes']['title'] = Html::decodeEntities($alt);
     }
 
     $class = $this->viewsTokenReplace($alter['link_class'], $tokens);
@@ -1509,7 +1508,7 @@ public function getRenderTokens($item) {
       // Use strip tags as there should never be HTML in the path.
       // However, we need to preserve special characters like " that
       // were removed by SafeMarkup::checkPlain().
-      $tokens['!' . $count] = isset($this->view->args[$count - 1]) ? strip_tags(String::decodeEntities($this->view->args[$count - 1])) : '';
+      $tokens['!' . $count] = isset($this->view->args[$count - 1]) ? strip_tags(Html::decodeEntities($this->view->args[$count - 1])) : '';
     }
 
     // Get flattened set of tokens for any array depth in query parameters.
@@ -1593,7 +1592,7 @@ protected function getTokenValuesRecursive(array $array, array $parent_keys = ar
       else {
         // Create a token key based on array element structure.
         $token_string = !empty($parent_keys) ? implode('_', $parent_keys) . '_' . $param : $param;
-        $tokens['%' . $token_string] = strip_tags(String::decodeEntities($val));
+        $tokens['%' . $token_string] = strip_tags(Html::decodeEntities($val));
       }
     }
 

core/modules/views/src/Plugin/views/field/Links.php

@@ -7,7 +7,7 @@
 
 namespace Drupal\views\Plugin\views\field;
 
-use Drupal\Component\Utility\String;
+use Drupal\Component\Utility\Html;
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Url as UrlObject;
 
@@ -82,7 +82,7 @@ protected function getLinks() {
       }
       // Make sure that tokens are replaced for this paths as well.
       $tokens = $this->getRenderTokens(array());
-      $path = strip_tags(String::decodeEntities($this->viewsTokenReplace($path, $tokens)));
+      $path = strip_tags(Html::decodeEntities($this->viewsTokenReplace($path, $tokens)));
 
       $links[$field] = array(
         'url' => $path ? UrlObject::fromUri('internal:/' . $path) : $url,

core/modules/views/src/Plugin/views/filter/FilterPluginBase.php

@@ -13,7 +13,7 @@
 use Drupal\user\RoleInterface;
 use Drupal\views\Plugin\CacheablePluginInterface;
 use Drupal\views\Plugin\views\HandlerBase;
-use Drupal\Component\Utility\String as UtilityString;
+use Drupal\Component\Utility\Html;
 use Drupal\Component\Utility\SafeMarkup;
 use Drupal\views\Plugin\views\display\DisplayPluginBase;
 use Drupal\views\ViewExecutable;
@@ -1181,7 +1181,7 @@ protected function prepareFilterSelectOptions(&$options) {
       else {
         // Cast the label to a string since it can be an object.
         // @see \Drupal\Core\StringTranslation\TranslationWrapper
-        $options[$value] = strip_tags(UtilityString::decodeEntities((string) $label));
+        $options[$value] = strip_tags(Html::decodeEntities((string) $label));
       }
     }
   }

core/modules/views/src/Tests/Handler/FieldWebTest.php

@@ -7,8 +7,8 @@
 
 namespace Drupal\views\Tests\Handler;
 
+use Drupal\Component\Utility\Html;
 use Drupal\Component\Utility\Unicode;
-use Drupal\Component\Utility\String;
 use Drupal\Component\Utility\UrlHelper;
 use Drupal\views\Views;
 
@@ -232,14 +232,14 @@ public function testAlterUrl() {
       $expected_result = \Drupal::url('entity.node.canonical', ['node' => '123'], ['query' => ['foo' => 'bar', 'bar' => 'baz'], 'absolute' => $absolute]);
       $alter['path'] = 'node/123?foo=bar&bar=baz';
       $result = $id_field->theme($row);
-      $this->assertSubString(String::decodeEntities($result), String::decodeEntities($expected_result));
+      $this->assertSubString(Html::decodeEntities($result), Html::decodeEntities($expected_result));
 
       // @todo The route-based URL generator strips out NULL attributes.
       // $expected_result = \Drupal::url('entity.node.canonical', ['node' => '123'], ['query' => ['foo' => NULL], 'fragment' => 'bar', 'absolute' => $absolute]);
       $expected_result = \Drupal::urlGenerator()->generateFromPath('node/123', array('query' => array('foo' => NULL), 'fragment' => 'bar', 'absolute' => $absolute));
       $alter['path'] = 'node/123?foo#bar';
       $result = $id_field->theme($row);
-      $this->assertSubString(String::decodeEntities($result), String::decodeEntities($expected_result));
+      $this->assertSubString(Html::decodeEntities($result), Html::decodeEntities($expected_result));
 
       $expected_result = \Drupal::url('<front>', [], ['absolute' => $absolute]);
       $alter['path'] = '<front>';

core/modules/views/src/ViewExecutable.php

@@ -7,7 +7,7 @@
 
 namespace Drupal\views;
 
-use Drupal\Component\Utility\String;
+use Drupal\Component\Utility\Html;
 use Drupal\Core\Cache\Cache;
 use Drupal\Component\Utility\SafeMarkup;
 use Drupal\Core\DependencyInjection\DependencySerializationTrait;
@@ -994,7 +994,7 @@ protected function _buildArguments() {
 
         // Add this argument's substitution
         $substitutions['%' . ($position + 1)] = $arg_title;
-        $substitutions['!' . ($position + 1)] = strip_tags(String::decodeEntities($arg));
+        $substitutions['!' . ($position + 1)] = strip_tags(Html::decodeEntities($arg));
 
         // Test to see if we should use this argument's title
         if (!empty($argument->options['title_enable']) && !empty($argument->options['title'])) {

core/modules/views/views.theme.inc

@@ -7,7 +7,6 @@
 
 use Drupal\Component\Utility\Html;
 use Drupal\Component\Utility\SafeMarkup;
-use Drupal\Component\Utility\String;
 use Drupal\Component\Utility\Xss;
 use Drupal\Core\Template\Attribute;
 use Drupal\Core\Url;
@@ -853,7 +852,7 @@ function template_preprocess_views_view_rss(&$variables) {
   // The RSS 2.0 "spec" doesn't indicate HTML can be used in the description.
   // We strip all HTML tags, but need to prevent double encoding from properly
   // escaped source data (such as &amp becoming &).
-  $variables['description'] = SafeMarkup::checkPlain(String::decodeEntities(strip_tags($style->getDescription())));
+  $variables['description'] = SafeMarkup::checkPlain(Html::decodeEntities(strip_tags($style->getDescription())));
 
   if ($view->display_handler->getOption('sitename_title')) {
     $title = $config->get('name');