Verified Commit dcf22a42 authored by Alex Pott's avatar Alex Pott
Browse files

Issue #3331205 by larowlan, sanderwind: SSTI possible via translation of... 

Issue #3331205 by larowlan, sanderwind: SSTI possible via translation of "Language" in CKEditor Language plugin
parent 9255ef85

core/modules/ckeditor/src/Plugin/CKEditorPlugin/Language.php

+4 −1
Original line number Diff line number Diff line
@@ -87,7 +87,10 @@ public function getButtons() { 
        'label' => $label,

        'image_alternative' => [

          '#type' => 'inline_template',

          '#template' => '<a href="#" class="cke-icon-only" role="button" title="' . $label . '" aria-label="' . $label . '"><span class="cke_button_icon cke_button__language_icon">' . $label . '</span></a>',

          '#template' => '<a href="#" class="cke-icon-only" role="button" title="{{ label }}" aria-label="{{ label }}"><span class="cke_button_icon cke_button__language_icon">{{ label }}</span></a>',

          '#context' => [

            'label' => $label,

          ],

        ],

      ],

    ];