Commit 8691e08f authored by catch's avatar catch

Issue #2545972 by alexpott, joelpittet, ericjenkins, stefan.r, Wim Leers,...

Issue #2545972 by alexpott, joelpittet, ericjenkins, stefan.r, Wim Leers, Cottser: Remove all code usages SafeMarkup::checkPlain() and rely more on Twig autoescaping
parent cd37e6b9
......@@ -130,12 +130,6 @@ function drupal_install_schema($module) {
*
* @param string $module
* The module for which the tables will be removed.
*
* @return array
* An array of arrays with the following key/value pairs:
* - success: a boolean indicating whether the query succeeded.
* - query: the SQL query(s) executed, passed through
* \Drupal\Component\Utility\SafeMarkup::checkPlain().
*/
function drupal_uninstall_schema($module) {
$schema = drupal_get_module_schema($module);
......
......@@ -304,7 +304,7 @@ public static function setAllowedProtocols(array $protocols = array()) {
* \Drupal\Component\Utility\Xss::filter(), but those functions return an
* HTML-encoded string, so this function can be called independently when the
* output needs to be a plain-text string for passing to functions that will
* call \Drupal\Component\Utility\SafeMarkup::checkPlain() separately.
* call \Drupal\Component\Utility\Html::escape() separately.
*
* @param string $uri
* A plain-text URI that might contain dangerous protocols.
......
......@@ -106,7 +106,7 @@ public static function filter($string, array $html_tags = NULL) {
*
* Use only for fields where it is impractical to use the
* whole filter system, but where some (mainly inline) mark-up
* is desired (so \Drupal\Component\Utility\SafeMarkup::checkPlain() is
* is desired (so \Drupal\Component\Utility\Html::escape() is
* not acceptable).
*
* Allows all tags that can be used inside an HTML body, save
......
......@@ -17,18 +17,20 @@ interface TitleResolverInterface {
/**
* Returns a static or dynamic title for the route.
*
* The returned title string must be safe to output in HTML. For example, an
* implementation should call \Drupal\Component\Utility\SafeMarkup::checkPlain()
* or \Drupal\Component\Utility\Xss::filterAdmin() on the string, or use
* appropriate placeholders to sanitize dynamic content inside a localized
* string before returning it. The title may contain HTML such as EM tags.
* If the returned title can contain HTML that should not be escaped it should
* return a render array, for example:
* @code
* ['#markup' => 'title', '#allowed_tags' => ['em']]
* @endcode
* If the method returns a string and it is not marked safe then it will be
* auto-escaped.
*
* @param \Symfony\Component\HttpFoundation\Request $request
* The request object passed to the title callback.
* @param \Symfony\Component\Routing\Route $route
* The route information of the route to fetch the title.
*
* @return string|null
* @return array|string|null
* The title for the route.
*/
public function getTitle(Request $request, Route $route);
......
......@@ -7,7 +7,6 @@
namespace Drupal\Core\EventSubscriber;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Logger\LoggerChannelFactoryInterface;
use Drupal\Core\Utility\Error;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
......@@ -45,7 +44,7 @@ public function __construct(LoggerChannelFactoryInterface $logger) {
*/
public function on403(GetResponseForExceptionEvent $event) {
$request = $event->getRequest();
$this->logger->get('access denied')->warning(SafeMarkup::checkPlain($request->getRequestUri()));
$this->logger->get('access denied')->warning('@uri', ['@uri' => $request->getRequestUri()]);
}
/**
......@@ -56,7 +55,7 @@ public function on403(GetResponseForExceptionEvent $event) {
*/
public function on404(GetResponseForExceptionEvent $event) {
$request = $event->getRequest();
$this->logger->get('page not found')->warning(SafeMarkup::checkPlain($request->getRequestUri()));
$this->logger->get('page not found')->warning('@uri', ['@uri' => $request->getRequestUri()]);
}
/**
......
......@@ -7,7 +7,6 @@
namespace Drupal\Core\Extension;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Config\ConfigFactoryInterface;
use Drupal\Core\State\StateInterface;
......@@ -428,7 +427,7 @@ public function getName($theme) {
if (!isset($themes[$theme])) {
throw new \InvalidArgumentException("Requested the name of a non-existing theme $theme");
}
return SafeMarkup::checkPlain($themes[$theme]->info['name']);
return $themes[$theme]->info['name'];
}
/**
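Review bot: `getName()` now returns `$themes[$theme]->info['name']` unescaped, which changes the contract for every caller that used to receive an HTML-escaped string. The docblock for this method starts outside the hunk, so I cannot see whether its `@return` text says so. If it does not, I would state it there, e.g. `The human-readable theme name, not escaped; callers must escape it or print it through an auto-escaping template.` The block demo controller is updated in this commit to escape the value, but other callers are not shown on this page.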
......
......@@ -24,7 +24,7 @@ trait AllowedTagsXssTrait {
*
* Used for items entered by administrators, like field descriptions, allowed
* values, where some (mainly inline) mark-up may be desired (so
* \Drupal\Component\Utility\SafeMarkup::checkPlain() is not acceptable).
* \Drupal\Component\Utility\Html::escape() is not acceptable).
*
* @param string $string
* The string with raw HTML in it.
......
......@@ -5,8 +5,6 @@
* Callbacks and hooks related to form system.
*/
use Drupal\Component\Utility\SafeMarkup;
/**
* @addtogroup callbacks
* @{
......@@ -79,7 +77,7 @@ function callback_batch_operation($MULTIPLE_PARAMS, &$context) {
node_save($node);
// Store some result for post-processing in the finished callback.
$context['results'][] = SafeMarkup::checkPlain($node->title);
$context['results'][] = $node->title;
// Update our progress information.
$context['sandbox']['progress']++;
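Review bot: The sample now stores `$node->title` unescaped in `$context['results']`, and nothing at that line tells a developer copying it that the finished callback has to escape the value when printing it. I would extend the comment above the assignment to `// Store the raw title for post-processing; escape it when it is output in the finished callback.` The function body starts and ends outside the hunk.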
......
......@@ -461,9 +461,6 @@ function hook_system_breadcrumb_alter(\Drupal\Core\Breadcrumb\Breadcrumb &$bread
* must be a string; other elements are more flexible, as they just need
* to work as an argument for the constructor of the class
* Drupal\Core\Template\Attribute($options['attributes']).
* - html: Whether or not HTML should be allowed as the link text. If FALSE,
* the text will be run through
* \Drupal\Component\Utility\SafeMarkup::checkPlain() before being output.
*
* @see \Drupal\Core\Routing\UrlGenerator::generateFromPath()
* @see \Drupal\Core\Routing\UrlGenerator::generateFromRoute()
......
......@@ -116,10 +116,7 @@ public function getPreferredAdminLangcode($fallback_to_default = TRUE);
* @see hook_user_format_name_alter()
*
* @return
* An unsanitized string with the username to display. The code receiving
* this result must ensure that \Drupal\Component\Utility\SafeMarkup::checkPlain()
* is called on it before it is
* printed to the page.
* An unsanitized string with the username to display.
*/
public function getUsername();
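Review bot: The new `@return` text says the string is unsanitized but no longer tells the caller what to do with it, and the tag still has no type. I would write `@return string` followed by `An unsanitized string with the username to display. Callers must escape it when printing it outside an auto-escaping template.` The comment preview test in this commit also shows the value can come back marked safe after hook_user_format_name_alter(), which the docblock could mention so implementers know that marking it safe bypasses escaping.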
......
......@@ -164,8 +164,8 @@ public function __construct(ModuleHandlerInterface $module_handler, CacheBackend
* display to a web browser. Defaults to TRUE. Developers who set this
* option to FALSE assume responsibility for running
* \Drupal\Component\Utility\Xss::filter(),
* \Drupal\Component\Utility\SafeMarkup::checkPlain() or other appropriate
* scrubbing functions before displaying data to users.
* \Drupal\Component\Utility\Html::escape() or other appropriate scrubbing
* functions before displaying data to users.
* @param \Drupal\Core\Render\BubbleableMetadata $bubbleable_metadata|null
* (optional) An object to which static::generate() and the hooks and
* functions that it invokes will add their required bubbleable metadata.
......@@ -285,8 +285,8 @@ public function scan($text) {
* - sanitize: A boolean flag indicating that tokens should be sanitized for
* display to a web browser. Developers who set this option to FALSE assume
* responsibility for running \Drupal\Component\Utility\Xss::filter(),
* \Drupal\Component\Utility\SafeMarkup::checkPlain() or other appropriate
* scrubbing functions before displaying data to users.
* \Drupal\Component\Utility\Html::escape() or other appropriate scrubbing
* functions before displaying data to users.
* @param \Drupal\Core\Render\BubbleableMetadata $bubbleable_metadata
* The bubbleable metadata. This is passed to the token replacement
* implementations so that they can attach their metadata.
......
......@@ -7,6 +7,7 @@
namespace Drupal\block\Controller;
use Drupal\Component\Utility\Html;
use Drupal\Core\Controller\ControllerBase;
use Drupal\Core\Extension\ThemeHandler;
use Drupal\Core\Extension\ThemeHandlerInterface;
......@@ -55,7 +56,7 @@ public static function create(ContainerInterface $container) {
*/
public function demo($theme) {
$page = [
'#title' => $this->themeHandler->getName($theme),
'#title' => Html::escape($this->themeHandler->getName($theme)),
'#type' => 'page',
'#attached' => array(
'drupalSettings' => [
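Review bot: `'#title' => Html::escape(...)` is the one place in this commit where a title is escaped by hand, while the title callbacks changed elsewhere return the raw string and rely on output-time escaping. A short why-comment above the line would keep a later cleanup from dropping the call or escaping the value a second time, e.g. `// ThemeHandler::getName() returns the name from the theme's info file unescaped.` The render array continues outside the hunk.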
......
......@@ -7,8 +7,8 @@
namespace Drupal\block\Controller;
use Drupal\Component\Utility\Html;
use Drupal\Core\Block\BlockManagerInterface;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\DependencyInjection\ContainerInjectionInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\JsonResponse;
......@@ -59,7 +59,7 @@ public function autocomplete(Request $request) {
$matches = array();
foreach ($this->blockManager->getCategories() as $category) {
if (stripos($category, $typed_category) === 0) {
$matches[] = array('value' => $category, 'label' => SafeMarkup::checkPlain($category));
$matches[] = array('value' => $category, 'label' => Html::escape($category));
}
}
return new JsonResponse($matches);
......
......@@ -86,6 +86,10 @@ public function testBlockDemoUiPage() {
$this->clickLink(t('Demonstrate block regions (@theme)', array('@theme' => 'Classy')));
$elements = $this->xpath('//div[contains(@class, "region-highlighted")]/div[contains(@class, "block-region") and contains(text(), :title)]', array(':title' => 'Highlighted'));
$this->assertTrue(!empty($elements), 'Block demo regions are shown.');
\Drupal::service('theme_handler')->install(array('test_theme'));
$this->drupalGet('admin/structure/block/demo/test_theme');
$this->assertEscaped('<strong>Test theme</strong>');
}
/**
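Review bot: `assertEscaped('<strong>Test theme</strong>')` only proves that the escaped form appears somewhere in the response, so it still passes if the same name is also printed unescaped elsewhere on the page. Unless some part of the page is expected to print the name raw, pairing it with `$this->assertNoRaw('<strong>Test theme</strong>');` would pin the property the commit is after. The same applies to the `assertEscaped()` calls added in the field UI, node preview and node type argument tests further down.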
......
......@@ -7,8 +7,8 @@
namespace Drupal\Tests\block\Unit;
use Drupal\Component\Utility\Html;
use Drupal\block\Controller\CategoryAutocompleteController;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Tests\UnitTestCase;
use Symfony\Component\HttpFoundation\Request;
......@@ -48,7 +48,7 @@ protected function setUp() {
*/
public function testAutocompleteSuggestions($string, $suggestions) {
$suggestions = array_map(function ($suggestion) {
return array('value' => $suggestion, 'label' => SafeMarkup::checkPlain($suggestion));
return array('value' => $suggestion, 'label' => Html::escape($suggestion));
}, $suggestions);
$result = $this->autocompleteController->autocomplete(new Request(array('q' => $string)));
$this->assertSame($suggestions, json_decode($result->getContent(), TRUE));
......
......@@ -16,7 +16,6 @@
use Drupal\comment\Entity\CommentType;
use Drupal\Core\Entity\FieldableEntityInterface;
use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Routing\RouteMatchInterface;
......@@ -579,7 +578,7 @@ function comment_preview(CommentInterface $comment, FormStateInterface $form_sta
if (!empty($account) && $account->isAuthenticated()) {
$comment->setOwner($account);
$comment->setAuthorName(SafeMarkup::checkPlain($account->getUsername()));
$comment->setAuthorName($account->getUsername());
}
elseif (empty($author_name)) {
$comment->setAuthorName(\Drupal::config('user.settings')->get('anonymous'));
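Review bot: `setAuthorName($account->getUsername())` now puts the unescaped display name on the comment, so the preview is safe only as long as every place that prints the author name escapes it. The test added in this commit covers the preview form for both the plain and the marked-safe name. A comment at the call would record that dependency for later readers, e.g. `// The display name is set unescaped; it is escaped when the comment is rendered.` comment_preview() starts and ends outside the hunk.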
......
......@@ -7,7 +7,6 @@
namespace Drupal\comment\Plugin\views\argument;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Database\Connection;
use Drupal\views\Plugin\views\argument\ArgumentPluginBase;
use Symfony\Component\DependencyInjection\ContainerInterface;
......@@ -65,7 +64,7 @@ function title() {
return $this->t('No user');
}
return SafeMarkup::checkPlain($title);
return $title;
}
protected function defaultActions($which = NULL) {
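Review bot: I see no test on this page that covers the now unescaped `return $title;` in this argument plugin. The commit adds escaping assertions for the node type and taxonomy term arguments, but none is visible for this comment argument or for the `return $value;` fallback in the options plugin's `summaryName()`. A case that puts markup in the value behind the title and calls `assertEscaped()` on the view page would close the gap, as the node type test does. title() starts outside the hunk, and the page may not show every test file.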
......
......@@ -8,6 +8,7 @@
namespace Drupal\comment\Tests;
use Drupal\comment\CommentManagerInterface;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Datetime\DrupalDateTime;
use Drupal\comment\Entity\Comment;
......@@ -39,17 +40,31 @@ function testCommentPreview() {
$this->setCommentSettings('default_mode', CommentManagerInterface::COMMENT_MODE_THREADED, 'Comment paging changed.');
$this->drupalLogout();
// Login as web user and add a user picture.
// Login as web user.
$this->drupalLogin($this->webUser);
$image = current($this->drupalGetTestFiles('image'));
$edit['files[user_picture_0]'] = drupal_realpath($image->uri);
$this->drupalPostForm('user/' . $this->webUser->id() . '/edit', $edit, t('Save'));
// As the web user, fill in the comment form and preview the comment.
// Test escaping of the username on the preview form.
\Drupal::service('module_installer')->install(['user_hooks_test']);
\Drupal::state()->set('user_hooks_test_user_format_name_alter', TRUE);
$edit = array();
$edit['subject[0][value]'] = $this->randomMachineName(8);
$edit['comment_body[0][value]'] = $this->randomMachineName(16);
$this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview'));
$this->assertEscaped('<em>' . $this->webUser->id() . '</em>');
\Drupal::state()->set('user_hooks_test_user_format_name_alter_safe', TRUE);
$this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview'));
$this->assertTrue(SafeMarkup::isSafe($this->webUser->getUsername()), 'Username is marked safe');
$this->assertNoEscaped('<em>' . $this->webUser->id() . '</em>');
$this->assertRaw('<em>' . $this->webUser->id() . '</em>');
// Add a user picture.
$image = current($this->drupalGetTestFiles('image'));
$user_edit['files[user_picture_0]'] = drupal_realpath($image->uri);
$this->drupalPostForm('user/' . $this->webUser->id() . '/edit', $user_edit, t('Save'));
// As the web user, fill in the comment form and preview the comment.
$this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview'));
// Check that the preview is displaying the title and body.
$this->assertTitle(t('Preview comment | Drupal'), 'Page title is "Preview comment".');
......
......@@ -7,7 +7,6 @@
namespace Drupal\field_ui\Form;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityForm;
use Drupal\Core\Field\AllowedTagsXssTrait;
use Drupal\Core\Field\FieldFilteredString;
......@@ -203,7 +202,7 @@ public function save(array $form, FormStateInterface $form_state) {
* The label of the field.
*/
public function getTitle(FieldConfigInterface $field_config) {
return SafeMarkup::checkPlain($field_config->label());
return $field_config->label();
}
}
......@@ -80,8 +80,8 @@ protected function setUp() {
$type = $this->drupalCreateContentType(array('name' => $type_name, 'type' => $type_name));
$this->contentType = $type->id();
// Create random field name.
$this->fieldLabel = $this->randomMachineName(8);
// Create random field name with markup to test escaping.
$this->fieldLabel = '<em>' . $this->randomMachineName(8) . '</em>';
$this->fieldNameInput = strtolower($this->randomMachineName(8));
$this->fieldName = 'field_'. $this->fieldNameInput;
......@@ -194,6 +194,7 @@ function updateField() {
$field_id = 'node.' . $this->contentType . '.' . $this->fieldName;
// Go to the field edit page.
$this->drupalGet('admin/structure/types/manage/' . $this->contentType . '/fields/' . $field_id . '/storage');
$this->assertEscaped($this->fieldLabel);
// Populate the field settings with new settings.
$string = 'updated dummy test string';
......
......@@ -479,8 +479,6 @@ function testNoFollowFilter() {
/**
* Tests the HTML escaping filter.
*
* \Drupal\Component\Utility\SafeMarkup::checkPlain() is not tested here.
*/
function testHtmlEscapeFilter() {
// Get FilterHtmlEscape object.
......
......@@ -7,7 +7,6 @@
namespace Drupal\node\Controller;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\Controller\EntityViewController;
......@@ -61,7 +60,7 @@ public function view(EntityInterface $node_preview, $view_mode_id = 'full', $lan
* The page title.
*/
public function title(EntityInterface $node_preview) {
return SafeMarkup::checkPlain($this->entityManager->getTranslationFromContext($node_preview)->label());
return $this->entityManager->getTranslationFromContext($node_preview)->label();
}
}
......@@ -7,7 +7,6 @@
namespace Drupal\node\Plugin\views\argument;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityStorageInterface;
use Drupal\views\Plugin\views\argument\StringArgument;
use Symfony\Component\DependencyInjection\ContainerInterface;
......@@ -76,7 +75,7 @@ function title() {
function node_type($type_name) {
$type = $this->nodeTypeStorage->load($type_name);
$output = $type ? $type->label() : $this->t('Unknown content type');
return SafeMarkup::checkPlain($output);
return $output;
}
}
......@@ -7,7 +7,6 @@
namespace Drupal\node\Plugin\views\row;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityManagerInterface;
use Drupal\views\Plugin\views\row\RssPluginBase;
use Symfony\Component\DependencyInjection\ContainerInterface;
......@@ -78,7 +77,7 @@ public function buildOptionsForm_summary_options() {
public function summaryTitle() {
$options = $this->buildOptionsForm_summary_options();
return SafeMarkup::checkPlain($options[$this->options['view_mode']]);
return $options[$this->options['view_mode']];
}
public function preRender($values) {
......
......@@ -139,7 +139,7 @@ function testPagePreview() {
// Fill in node creation form and preview node.
$edit = array();
$edit[$title_key] = $this->randomMachineName(8);
$edit[$title_key] = '<em>' . $this->randomMachineName(8) . '</em>';
$edit[$body_key] = $this->randomMachineName(16);
$edit[$term_key] = $this->term->getName();
......@@ -153,7 +153,7 @@ function testPagePreview() {
// Check that the preview is displaying the title, body and term.
$this->assertTitle(t('@title | Drupal', array('@title' => $edit[$title_key])), 'Basic page title is preview.');
$this->assertText($edit[$title_key], 'Title displayed.');
$this->assertEscaped($edit[$title_key], 'Title displayed and escaped.');
$this->assertText($edit[$body_key], 'Body displayed.');
$this->assertText($edit[$term_key], 'Term displayed.');
$this->assertLink(t('Back to content editing'));
......@@ -185,7 +185,7 @@ function testPagePreview() {
// Return to page preview to check everything is as expected.
$this->drupalPostForm(NULL, array(), t('Preview'));
$this->assertTitle(t('@title | Drupal', array('@title' => $edit[$title_key])), 'Basic page title is preview.');
$this->assertText($edit[$title_key], 'Title displayed.');
$this->assertEscaped($edit[$title_key], 'Title displayed and escaped.');
$this->assertText($edit[$body_key], 'Body displayed.');
$this->assertText($edit[$term_key], 'Term displayed.');
$this->assertLink(t('Back to content editing'));
......
......@@ -29,7 +29,7 @@ public function testNodeViewTypeArgument() {
$types = array();
$all_nids = array();
for ($i = 0; $i < 2; $i++) {
$type = $this->drupalCreateContentType();
$type = $this->drupalCreateContentType(['name' => '<em>' . $this->randomMachineName() . '</em>']);
$types[] = $type;
for ($j = 0; $j < 5; $j++) {
......@@ -49,6 +49,7 @@ public function testNodeViewTypeArgument() {
foreach ($types as $type) {
$this->drupalGet("test-node-view/{$type->id()}");
$this->assertEscaped($type->label());
$this->assertNids(array_keys($nodes[$type->id()]));
}
}
......
......@@ -167,8 +167,8 @@ display:
value: all
title_enable: false
title: All
title_enable: false
title: ''
title_enable: true
title: '{{ arguments.type }}'
default_argument_type: fixed
default_argument_options:
argument: ''
......
......@@ -7,7 +7,6 @@
namespace Drupal\options\Plugin\views\argument;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Field\AllowedTagsXssTrait;
use Drupal\Core\Field\FieldFilteredString;
use Drupal\Core\Form\FormStateInterface;
......@@ -85,7 +84,7 @@ public function summaryName($data) {
}
// Else, fallback to the key.
else {
return SafeMarkup::checkPlain($value);
return $value;
}
}
......
......@@ -395,7 +395,7 @@ public function testUIFieldAlias() {
$expected[] = $expected_row;
}
$this->assertIdentical($this->drupalGetJSON('test/serialize/field'), $expected);
$this->assertIdentical($this->drupalGetJSON('test/serialize/field'), $this->castSafeStrings($expected));
// Test a random aliases for fields, they should be replaced.
$alias_map = array(
......@@ -430,7 +430,7 @@ public function testUIFieldAlias() {
$expected[] = $expected_row;
}
$this->assertIdentical($this->drupalGetJSON('test/serialize/field'), $expected);
$this->assertIdentical($this->drupalGetJSON('test/serialize/field'), $this->castSafeStrings($expected));
}
/**
......
......@@ -437,7 +437,7 @@ protected function assertNoLinkByHrefInMainRegion($href, $message = '', $group =
*/
protected function assertRaw($raw, $message = '', $group = 'Other') {
if (!$message) {
$message = SafeMarkup::format('Raw "@raw" found', array('@raw' => $raw));
$message = 'Raw "' . Html::escape($raw) . '" found';
}
return $this->assert(strpos($this->getRawContent(), (string) $raw) !== FALSE, $message, $group);
}
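Review bot: The default messages in `assertRaw()`, `assertNoRaw()`, `assertEscaped()` and `assertNoEscaped()` are now plain strings that already contain `Html::escape($raw)`. If the test result page escapes messages on output, the markup would be shown double-escaped. I cannot see the result renderer from here, so this is a question rather than a finding. Either way, a one-line comment above the assignment saying where the message is escaped would settle it, e.g. `// Escaped here because the results page prints messages as markup.` once that is confirmed.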
......@@ -465,7 +465,7 @@ protected function assertRaw($raw, $message = '', $group = 'Other') {
*/
protected function assertNoRaw($raw, $message = '', $group = 'Other') {
if (!$message) {
$message = SafeMarkup::format('Raw "@raw" not found', array('@raw' => $raw));
$message = 'Raw "' . Html::escape($raw) . '" not found';
}
return $this->assert(strpos($this->getRawContent(), (string) $raw) === FALSE, $message, $group);
}
......@@ -493,7 +493,7 @@ protected function assertNoRaw($raw, $message = '', $group = 'Other') {
*/
protected function assertEscaped($raw, $message = '', $group = 'Other') {
if (!$message) {
$message = SafeMarkup::format('Escaped "@raw" found', array('@raw' => $raw));
$message = 'Escaped "' . Html::escape($raw) . '" found';
}
return $this->assert(strpos($this->getRawContent(), Html::escape($raw)) !== FALSE, $message, $group);
}
......@@ -522,7 +522,7 @@ protected function assertEscaped($raw, $message = '', $group = 'Other') {
*/
protected function assertNoEscaped($raw, $message = '', $group = 'Other') {
if (!$message) {
$message = SafeMarkup::format('Escaped "@raw" not found', array('@raw' => $raw));
$message = 'Escaped "' . Html::escape($raw) . '" not found';
}
return $this->assert(strpos($this->getRawContent(), Html::escape($raw)) === FALSE, $message, $group);
}
......
......@@ -348,9 +348,9 @@ function testUninstallingThemes() {
*/
function testInstallAndSetAsDefault() {
$this->drupalGet('admin/appearance');
// Bartik is uninstalled in the test profile and has the second "Install and
// Bartik is uninstalled in the test profile and has the third "Install and
// set as default" link.
$this->clickLink(t('Install and set as default'), 1);
$this->clickLink(t('Install and set as default'), 2);
// Test the confirmation message.
$this->assertText('Bartik is now the default theme.');
// Make sure Bartik is now set as the default theme in config.
......
......@@ -8,7 +8,7 @@
# here in order for a test to ensure that this correctly prevents the module
# version from being loaded, and that errors aren't caused by the lack of this
# file within the theme folder.
name: 'Test theme'
name: '<strong>Test theme</strong>'
type: theme
description: 'Theme for testing the theme system'
version: VERSION
......
......@@ -11,7 +11,6 @@
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
use Drupal\views\Plugin\views\argument\ArgumentPluginBase;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\taxonomy\Entity\Term;
use Symfony\Component\DependencyInjection\ContainerInterface;
......@@ -140,7 +139,7 @@ public function query($group_by = FALSE) {
function title() {
$term = $this->termStorage->load($this->argument);
if (!empty($term)) {
return SafeMarkup::checkPlain($term->getName());
return $term->getName();
}
// TODO review text
return $this->t('No name');
......
......@@ -10,7 +10,6 @@
use Drupal\Core\Entity\EntityStorageInterface;
use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
use Drupal\views\Plugin\views\argument\NumericArgument;
use Drupal\Component\Utility\SafeMarkup;
use Symfony\Component\DependencyInjection\ContainerInterface;
/**
......@@ -56,7 +55,7 @@ function title() {
if ($this->argument) {
$term = $this->termStorage->load($this->argument);
if (!empty($term)) {
return SafeMarkup::checkPlain($term->getName());
return $term->getName();
}
}
// TODO review text
......
......@@ -8,7 +8,6 @@
namespace Drupal\taxonomy\Plugin\views\argument;
use Drupal\views\Plugin\views\argument\NumericArgument;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\taxonomy\VocabularyStorageInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
......@@ -63,7 +62,7 @@ public static function create(ContainerInterface $container, array $configuratio
function title() {
$vocabulary = $this->vocabularyStorage->load($this->argument);
if ($vocabulary) {
return SafeMarkup::checkPlain($vocabulary->label());
return $vocabulary->label();
}
return $this->t('No vocabulary');
......
......@@ -11,7 +11,6 @@
use Drupal\views\ViewExecutable;
use Drupal\views\Plugin\views\display\DisplayPluginBase;
use Drupal\views\Plugin\views\field\PrerenderList;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\taxonomy\Entity\Vocabulary;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Drupal\taxonomy\VocabularyStorageInterface;
......@@ -153,7 +152,7 @@ public function preRender(&$values) {
$this->items[$node_nid][$tid]['name'] = \Drupal::entityManager()->getTranslationFromContext($term)->label();
$this->items[$node_nid][$tid]['tid'] = $tid;
$this->items[$node_nid][$tid]['vocabulary_vid'] = $term->getVocabularyId();
$this->items[$node_nid][$tid]['vocabulary'] = SafeMarkup::checkPlain($vocabularies[$term->getVocabularyId()]->label());
$this->items[$node_nid][$tid]['vocabulary'] = $vocabularies[$term->getVocabularyId()]->label();
if (!empty($this->options['link_to_taxonomy'])) {
$this->items[$node_nid][$tid]['make_link'] = TRUE;
......
......@@ -16,7 +16,6 @@
use Drupal\views\ViewExecutable;
use Drupal\views\Plugin\views\display\DisplayPluginBase;
use Drupal\views\Plugin\views\filter\ManyToOne;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\Tags;
use Symfony\Component\DependencyInjection\ContainerInterface;
......@@ -359,7 +358,7 @@ public function adminSummary() {
$this->value = array_filter($this->value);
$terms = Term::loadMultiple($this->value);
foreach ($terms as $term) {
$this->valueOptions[$term->id()] = SafeMarkup::checkPlain(\Drupal::entityManager()->getTranslationFromContext($term)->label());
$this->valueOptions[$term->id()] = \Drupal::entityManager()->getTranslationFromContext($term)->label();
}
}
return parent::adminSummary();
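Review bot: `$this->valueOptions[$term->id()]` now holds unescaped term labels, and the only consumer visible in the hunk is `parent::adminSummary()`, whose escaping is not shown. The same holds for the `vocabulary` item assigned in the field plugin's `preRender()` hunk above, where the code that prints `$this->items` is outside the hunk. It is worth confirming that both consumers escape on output, and adding a term or vocabulary with markup in its label to a test that asserts the escaped form. adminSummary() starts outside the hunk.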
......
......@@ -59,4 +59,14 @@ public function testTermPath() {
$expected = $this->term1->id();
$this->assertEqual($expected, $view->argument['tid']->getDefaultArgument());
}
/**
* Tests escaping of page title when the taxonomy plugin provides it.
*/
public function testTermTitleEscaping() {
$this->term1->setName('<em>Markup</em>')->save();
$this->drupalGet('taxonomy_default_argument_test/'. $this->term1->id());