Commit f13b2d59 authored by catch's avatar catch

Revert "Issue #2560641 by alexpott, lauriii, Xano, borisson_, ianthomas_uk:...

Revert "Issue #2560641 by alexpott, lauriii, Xano, borisson_, ianthomas_uk: Remove all usages SafeMarkup::checkPlain() from render arrays"

This reverts commit 31007609.
parent 31007609
......@@ -20,7 +20,6 @@
use Drupal\Core\Theme\ThemeSettings;
use Drupal\Component\Utility\NestedArray;
use Drupal\Core\Render\Element;
use Drupal\Core\Render\SafeString;
/**
* @defgroup content_flags Content markers
......@@ -1242,8 +1241,7 @@ function template_preprocess_html(&$variables) {
}
if (!empty($variables['page']['#title'])) {
$head_title = array(
// Marking the title as safe since it has had the tags stripped.
'title' => SafeString::create(trim(strip_tags($variables['page']['#title']))),
'title' => trim(strip_tags($variables['page']['#title'])),
'name' => $site_config->get('name'),
);
}
......
......@@ -7,7 +7,7 @@
namespace Drupal\Core\Field\Plugin\Field\FieldFormatter;
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Field\FormatterBase;
use Drupal\Core\Field\FieldItemListInterface;
......@@ -37,7 +37,7 @@ public function viewElements(FieldItemListInterface $items) {
foreach ($items as $delta => $item) {
// The text value has no text format assigned to it, so the user input
// should equal the output, including newlines.
$elements[$delta] = array('#markup' => nl2br(Html::escape($item->value)));
$elements[$delta] = array('#markup' => nl2br(SafeMarkup::checkPlain($item->value)));
}
return $elements;
......
......@@ -7,6 +7,7 @@
namespace Drupal\Core\Field\Plugin\Field\FieldFormatter;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityManagerInterface;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Field\FieldItemInterface;
......@@ -122,9 +123,7 @@ protected function viewValue(FieldItemInterface $item) {
// storage by LanguageManager::getLanguages()) or in its native language
// name. That only depends on formatter settings and no language condition.
$languages = $this->getSetting('native_language') ? $this->languageManager->getNativeLanguages(LanguageInterface::STATE_ALL) : $this->languageManager->getLanguages(LanguageInterface::STATE_ALL);
return [
'#plain_text' => $item->language && isset($languages[$item->language->getId()]) ? $languages[$item->language->getId()]->getName() : ''
];
return $item->language && isset($languages[$item->language->getId()]) ? SafeMarkup::checkPlain($languages[$item->language->getId()]->getName()) : '';
}
}
......@@ -7,7 +7,7 @@
namespace Drupal\Core\Field\Plugin\Field\FieldFormatter;
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityManagerInterface;
use Drupal\Core\Entity\RevisionableInterface;
use Drupal\Core\Field\FieldDefinitionInterface;
......@@ -128,16 +128,16 @@ public function viewElements(FieldItemListInterface $items) {
}
foreach ($items as $delta => $item) {
$view_value = $this->viewValue($item);
$string = $this->viewValue($item);
if ($url) {
$elements[$delta] = [
'#type' => 'link',
'#title' => $view_value,
'#title' => $string,
'#url' => $url,
];
}
else {
$elements[$delta] = is_array($view_value) ? $view_value : ['#markup' => $view_value];
$elements[$delta] = ['#markup' => $string];
}
}
return $elements;
......@@ -149,15 +149,13 @@ public function viewElements(FieldItemListInterface $items) {
* @param \Drupal\Core\Field\FieldItemInterface $item
* One field item.
*
* @return array
* The textual output generated as a render array.
* @return string
* The textual output generated.
*/
protected function viewValue(FieldItemInterface $item) {
// The text value has no text format assigned to it, so the user input
// should equal the output, including newlines.
return [
'#markup' => nl2br(Html::escape($item->value))
];
return nl2br(SafeMarkup::checkPlain($item->value));
}
}
......@@ -10,6 +10,7 @@
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\NestedArray;
use Drupal\Component\Utility\SortArray;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Render\Element;
use Symfony\Component\Validator\ConstraintViolationInterface;
......@@ -84,7 +85,7 @@ public function form(FieldItemListInterface $items, array &$form, FormStateInter
if ($this->handlesMultipleValues() || isset($get_delta)) {
$delta = isset($get_delta) ? $get_delta : 0;
$element = array(
'#title' => $this->fieldDefinition->getLabel(),
'#title' => SafeMarkup::checkPlain($this->fieldDefinition->getLabel()),
'#description' => FieldFilteredString::create(\Drupal::token()->replace($this->fieldDefinition->getDescription())),
);
$element = $this->formSingleElement($items, $delta, $element, $form, $form_state);
......@@ -163,7 +164,7 @@ protected function formMultipleElements(FieldItemListInterface $items, array &$f
break;
}
$title = $this->fieldDefinition->getLabel();
$title = SafeMarkup::checkPlain($this->fieldDefinition->getLabel());
$description = FieldFilteredString::create(\Drupal::token()->replace($this->fieldDefinition->getDescription()));
$elements = array();
......@@ -178,7 +179,7 @@ protected function formMultipleElements(FieldItemListInterface $items, array &$f
// table.
if ($is_multiple) {
$element = [
'#title' => $this->t('@title (value @number)', ['@title' => $title, '@number' => $delta + 1]),
'#title' => $title . ' ' . $this->t('(value @number)', ['@number' => $delta + 1]),
'#title_display' => 'invisible',
'#description' => '',
];
......
......@@ -7,6 +7,7 @@
namespace Drupal\block;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Block\MainContentBlockPluginInterface;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Cache\CacheableMetadata;
......@@ -163,6 +164,8 @@ protected static function buildPreRenderableBlock($entity, ModuleHandlerInterfac
'#block' => $entity,
];
$build['#configuration']['label'] = SafeMarkup::checkPlain($configuration['label']);
// If an alter hook wants to modify the block contents, it can append
// another #pre_render hook.
$module_handler->alter(['block_view', "block_view_$base_id"], $build, $plugin);
......
......@@ -8,6 +8,7 @@
namespace Drupal\block\Controller;
use Drupal\Component\Serialization\Json;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Block\BlockManagerInterface;
use Drupal\Core\Controller\ControllerBase;
use Drupal\Core\EventSubscriber\MainContentViewSubscriber;
......@@ -108,7 +109,7 @@ public function listBlocks(Request $request, $theme) {
'#prefix' => '<div class="block-filter-text-source">',
'#suffix' => '</div>',
];
$row['category']['data'] = $plugin_definition['category'];
$row['category']['data'] = SafeMarkup::checkPlain($plugin_definition['category']);
$links['add'] = [
'title' => $this->t('Place block'),
'url' => Url::fromRoute('block.admin_add', ['plugin_id' => $plugin_id, 'theme' => $theme]),
......
......@@ -8,6 +8,7 @@
use Drupal\Core\Asset\CssOptimizer;
use Drupal\Component\Utility\Bytes;
use Drupal\Component\Utility\Environment;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Language\LanguageInterface;
......@@ -250,7 +251,7 @@ function color_scheme_form($complete_form, FormStateInterface $form_state, $them
if (isset($names[$name])) {
$form['palette'][$name] = array(
'#type' => 'textfield',
'#title' => $names[$name],
'#title' => SafeMarkup::checkPlain($names[$name]),
'#value_callback' => 'color_palette_color_value',
'#default_value' => $value,
'#size' => 8,
......
......@@ -7,6 +7,8 @@
namespace Drupal\comment;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\Xss;
use Drupal\Core\Config\Entity\ConfigEntityListBuilder;
use Drupal\Core\Entity\EntityInterface;
......@@ -43,7 +45,7 @@ public function buildHeader() {
* {@inheritdoc}
*/
public function buildRow(EntityInterface $entity) {
$row['type'] = $entity->label();
$row['type'] = SafeMarkup::checkPlain($entity->label());
$row['description']['data'] = ['#markup' => $entity->getDescription()];
return $row + parent::buildRow($entity);
}
......
......@@ -7,6 +7,7 @@
namespace Drupal\config_translation\Controller;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityStorageInterface;
use Drupal\Core\Entity\EntityTypeInterface;
......@@ -69,12 +70,12 @@ public function buildRow(EntityInterface $entity) {
);
$row['theme'] = array(
'data' => $this->themes[$theme]->info['name'],
'data' => SafeMarkup::checkPlain($this->themes[$theme]->info['name']),
'class' => 'table-filter-text-source',
);
$row['category'] = array(
'data' => $plugin_definition['category'],
'data' => SafeMarkup::checkPlain($plugin_definition['category']),
'class' => 'table-filter-text-source',
);
......
......@@ -7,6 +7,7 @@
namespace Drupal\config_translation\Controller;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\Unicode;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityManagerInterface;
......@@ -122,7 +123,7 @@ public function buildRow(EntityInterface $entity) {
if ($this->displayBundle()) {
$bundle = $entity->get('bundle');
$row['bundle'] = array(
'data' => $this->baseEntityBundles[$bundle]['label'],
'data' => SafeMarkup::checkPlain($this->baseEntityBundles[$bundle]['label']),
'class' => 'table-filter-text-source',
);
}
......
......@@ -7,6 +7,7 @@
namespace Drupal\config_translation\Controller;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\config_translation\ConfigMapperInterface;
use Drupal\Core\Controller\ControllerBase;
use Symfony\Component\DependencyInjection\ContainerInterface;
......@@ -93,7 +94,7 @@ public function render() {
* A render array structure of fields for this mapper.
*/
public function buildRow(ConfigMapperInterface $mapper) {
$row['label'] = $mapper->getTypeLabel();
$row['label'] = SafeMarkup::checkPlain($mapper->getTypeLabel());
$row['operations']['data'] = $this->buildOperations($mapper);
return $row;
}
......
......@@ -7,6 +7,7 @@
namespace Drupal\config_translation\Tests;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\language\Entity\ConfigurableLanguage;
use Drupal\simpletest\WebTestBase;
......@@ -102,7 +103,7 @@ public function testMapperListPage() {
$base_url = 'admin/structure/config_test/manage/' . $test_entity->id();
$this->drupalGet('admin/config/regional/config-translation/config_test');
$this->assertLinkByHref($base_url . '/translate');
$this->assertEscaped($test_entity->label());
$this->assertText(SafeMarkup::checkPlain($test_entity->label()));
// Make sure there is only a single 'Translate' operation for each
// dropbutton.
......
......@@ -753,9 +753,9 @@ public function testFieldConfigTranslation() {
$this->clickLink('Add');
$this->assertText('Translatable field setting');
$this->assertEscaped($translatable_field_setting);
$this->assertRaw(SafeMarkup::checkPlain($translatable_field_setting));
$this->assertText('Translatable storage setting');
$this->assertEscaped($translatable_storage_setting);
$this->assertRaw(SafeMarkup::checkPlain($translatable_storage_setting));
}
/**
......
......@@ -11,6 +11,7 @@
use Drupal\contact\ContactFormInterface;
use Drupal\Core\Render\RendererInterface;
use Drupal\user\UserInterface;
use Drupal\Component\Utility\SafeMarkup;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
......@@ -86,7 +87,7 @@ public function contactSitePage(ContactFormInterface $contact_form = NULL) {
));
$form = $this->entityFormBuilder()->getForm($message);
$form['#title'] = $contact_form->label();
$form['#title'] = SafeMarkup::checkPlain($contact_form->label());
$form['#cache']['contexts'][] = 'user.permissions';
$this->renderer->addCacheableDependency($form, $config);
return $form;
......
......@@ -8,7 +8,9 @@
namespace Drupal\dblog\Controller;
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\Unicode;
use Drupal\Component\Utility\Xss;
use Drupal\Core\Controller\ControllerBase;
use Drupal\Core\Database\Connection;
use Drupal\Core\Datetime\DateFormatter;
......@@ -281,7 +283,7 @@ public function eventDetails($event_id) {
),
array(
array('data' => $this->t('Hostname'), 'header' => TRUE),
$dblog->hostname,
SafeMarkup::checkPlain($dblog->hostname),
),
array(
array('data' => $this->t('Operations'), 'header' => TRUE),
......
......@@ -51,7 +51,7 @@ public function testUuidStringFormatter() {
$render_array = $uuid_field->view(['settings' => ['link_to_entity' => TRUE]]);
$this->assertIdentical($render_array[0]['#type'], 'link');
$this->assertIdentical($render_array[0]['#title']['#markup'], $entity->uuid());
$this->assertIdentical($render_array[0]['#title'], $entity->uuid());
$this->assertIdentical($render_array[0]['#url']->toString(), $entity->url());
}
......
......@@ -8,6 +8,7 @@
namespace Drupal\field_ui;
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Config\Entity\ConfigEntityListBuilder;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityManagerInterface;
......@@ -130,7 +131,7 @@ public function buildRow(EntityInterface $field_config) {
$row = array(
'id' => Html::getClass($field_config->getName()),
'data' => array(
'label' => $field_config->getLabel(),
'label' => SafeMarkup::checkPlain($field_config->getLabel()),
'field_name' => $field_config->getName(),
'field_type' => array(
'data' => array(
......
......@@ -56,17 +56,17 @@ public function viewElements(FieldItemListInterface $items) {
}
foreach ($items as $delta => $item) {
$view_value = $this->viewValue($item);
$string = $this->viewValue($item);
if ($url) {
$elements[$delta] = [
'#type' => 'link',
'#title' => $view_value,
'#title' => $string,
'#url' => Url::fromUri($url),
];
}
else {
$elements[$delta] = is_array($view_value) ? $view_value : ['#markup' => $view_value];
$elements[$delta] = is_array($string) ? $string : ['#markup' => $string];
}
}
......
......@@ -7,6 +7,7 @@
namespace Drupal\file\Plugin\Field\FieldWidget;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\NestedArray;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Field\FieldFilteredString;
......@@ -118,7 +119,7 @@ protected function formMultipleElements(FieldItemListInterface $items, array &$f
break;
}
$title = $this->fieldDefinition->getLabel();
$title = SafeMarkup::checkPlain($this->fieldDefinition->getLabel());
$description = FieldFilteredString::create($this->fieldDefinition->getDescription());
$elements = array();
......
......@@ -98,10 +98,10 @@ public function buildRow(EntityInterface $entity) {
if ($entity->isFallbackFormat()) {
$fallback_choice = $this->configFactory->get('filter.settings')->get('always_show_fallback_choice');
if ($fallback_choice) {
$row['roles']['#markup'] = $this->t('All roles may use this format');
$roles_markup = $this->t('All roles may use this format');
}
else {
$row['roles']['#markup'] = $this->t('This format is shown when no other formats are available');
$roles_markup = $this->t('This format is shown when no other formats are available');
}
// Emphasize the fallback role text since it is important to understand
// how it works which configuring filter formats. Additionally, it is not
......@@ -110,14 +110,12 @@ public function buildRow(EntityInterface $entity) {
$row['roles']['#suffix'] = '</em>';
}
else {
$row['roles'] = [
'#theme' => 'item_list',
'#items' => filter_get_roles_by_format($entity),
'#empty' => $this->t('No roles may use this format'),
'#context' => ['list_style' => 'comma-list'],
];
$roles = array_map('\Drupal\Component\Utility\SafeMarkup::checkPlain', filter_get_roles_by_format($entity));
$roles_markup = $roles ? implode(', ', $roles) : $this->t('No roles may use this format');
}
$row['roles']['#markup'] = $roles_markup;
return $row + parent::buildRow($entity);
}
......
......@@ -149,7 +149,7 @@ public function tips($long = FALSE) {
array('data' =>
array(
'#prefix' => '<code>',
'#plain_text' => $tips[$tag][1],
'#markup' => Html::escape($tips[$tag][1]),
'#suffix' => '</code>'
),
'class' => array('type')),
......@@ -193,7 +193,7 @@ public function tips($long = FALSE) {
array(
'data' => array(
'#prefix' => '<code>',
'#plain_text' => $entity[1],
'#markup' => Html::escape($entity[1]),
'#suffix' => '</code>',
),
'class' => array('type'),
......
......@@ -12,6 +12,7 @@
use Drupal\Core\Url;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Drupal\Component\Utility\SafeMarkup;
/**
* Controller routines for help routes.
......@@ -114,7 +115,7 @@ public function helpPage($name) {
$build = array();
if ($this->moduleHandler()->implementsHook($name, 'help')) {
$module_name = $this->moduleHandler()->getName($name);
$build['#title'] = $module_name;
$build['#title'] = SafeMarkup::checkPlain($module_name);
$temp = $this->moduleHandler()->invoke($name, 'help', array("help.page.$name", $this->routeMatch));
if (empty($temp)) {
......
......@@ -8,6 +8,7 @@
namespace Drupal\language\Form;
use Drupal\Core\Block\BlockManagerInterface;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\Unicode;
use Drupal\Component\Utility\Xss;
use Drupal\Core\Config\ConfigFactoryInterface;
......@@ -276,22 +277,22 @@ protected function configureFormTable(array &$form, $type) {
if (isset($types[$type])) {
$table_form['#language_negotiation_info'][$method_id] = $method;
$method_name = $method['name'];
$method_name = SafeMarkup::checkPlain($method['name']);
$table_form['weight'][$method_id] = array(
'#type' => 'weight',
'#title' => $this->t('Weight for @title language detection method', array('@title' => Unicode::strtolower($method_name))),
'#title' => $this->t('Weight for !title language detection method', array('!title' => Unicode::strtolower($method_name))),
'#title_display' => 'invisible',
'#default_value' => $weight,
'#attributes' => array('class' => array("language-method-weight-$type")),
'#delta' => 20,
);
$table_form['title'][$method_id] = array('#plain_text' => $method_name);
$table_form['title'][$method_id] = array('#markup' => $method_name);
$table_form['enabled'][$method_id] = array(
'#type' => 'checkbox',
'#title' => $this->t('Enable @title language detection method', array('@title' => Unicode::strtolower($method_name))),
'#title' => $this->t('Enable !title language detection method', array('!title' => Unicode::strtolower($method_name))),
'#title_display' => 'invisible',
'#default_value' => $enabled,
);
......
......@@ -7,6 +7,7 @@
namespace Drupal\locale\Form;
use Drupal\Component\Utility\Html;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Render\Element;
use Drupal\locale\SourceString;
......@@ -72,9 +73,7 @@ public function buildForm(array $form, FormStateInterface $form_state) {
'#type' => 'item',
'#title' => $this->t('Source string (@language)', array('@language' => $this->t('Built-in English'))),
'#title_display' => 'invisible',
'#plain_text' => $source_array[0],
'#preffix' => '<span lang="en">',
'#suffix' => '</span>',
'#markup' => '<span lang="en">' . Html::escape($source_array[0]) . '</span>',
);
}
else {
......@@ -83,16 +82,13 @@ public function buildForm(array $form, FormStateInterface $form_state) {
$original_singular = [
'#type' => 'item',
'#title' => $this->t('Singular form'),
'#plain_text' => $source_array[0],
'#prefix' => '<span class="visually-hidden">' . $this->t('Source string (@language)', array('@language' => $this->t('Built-in English'))) . '</span><span lang="en">',
'#suffix' => '</span>',
'#markup' => '<span lang="en">' . Html::escape($source_array[0]) . '</span>',
'#prefix' => '<span class="visually-hidden">' . $this->t('Source string (@language)', array('@language' => $this->t('Built-in English'))) . '</span>',
];
$original_plural = [
'#type' => 'item',
'#title' => $this->t('Plural form'),
'#plain_text' => $source_array[1],
'#preffix' => '<span lang="en">',
'#suffix' => '</span>',
'#markup' => '<span lang="en">' . Html::escape($source_array[1]) . '</span>',
];
$form['strings'][$string->lid]['original'] = [
$original_singular,
......
......@@ -7,6 +7,7 @@
namespace Drupal\locale\Form;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Extension\ModuleHandlerInterface;
use Drupal\Core\Form\FormBase;
use Drupal\Core\Form\FormStateInterface;
......@@ -81,7 +82,7 @@ public function buildForm(array $form, FormStateInterface $form_state) {
// Build data options for the select table.
foreach ($updates as $langcode => $update) {
$title = $languages[$langcode]->getName();
$title = SafeMarkup::checkPlain($languages[$langcode]->getName());
$locale_translation_update_info = array('#theme' => 'locale_translation_update_info');
foreach (array('updates', 'not_found') as $update_status) {
if (isset($update[$update_status])) {
......@@ -93,7 +94,7 @@ public function buildForm(array $form, FormStateInterface $form_state) {
'class' => array('label'),
'data' => array(
'#title' => $title,
'#plain_text' => $title,
'#markup' => $title,
),
),
'status' => array(
......
......@@ -7,6 +7,7 @@
namespace Drupal\node;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Datetime\DateFormatter;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityListBuilder;
......@@ -118,7 +119,7 @@ public function buildRow(EntityInterface $entity) {
'#suffix' => ' ' . drupal_render($mark),
'#url' => $uri,
);
$row['type'] = node_get_type_label($entity);
$row['type'] = SafeMarkup::checkPlain(node_get_type_label($entity));
$row['author']['data'] = array(
'#theme' => 'username',
'#account' => $entity->getOwner(),
......
......@@ -9,6 +9,7 @@
use Drupal\Core\Entity\EntityForm;
use Drupal\Core\Entity\EntityManagerInterface;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Url;
......@@ -54,7 +55,7 @@ public function form(array $form, FormStateInterface $form_state) {
$type = $this->entity;
if ($this->operation == 'add') {
$form['#title'] = $this->t('Add content type');
$form['#title'] = SafeMarkup::checkPlain($this->t('Add content type'));
$fields = $this->entityManager->getBaseFieldDefinitions('node');
// Create a node with a fake bundle using the type's UUID so that we can
// get the default values for workflow settings.
......
......@@ -7,6 +7,7 @@
namespace Drupal\node\Plugin\Search;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Config\Config;
use Drupal\Core\Database\Connection;
......@@ -345,7 +346,7 @@ protected function prepareResults(StatementInterface $found) {
$result = array(
'link' => $node->url('canonical', array('absolute' => TRUE, 'language' => $language)),
'type' => $type->label(),
'type' => SafeMarkup::checkPlain($type->label()),
'title' => $node->label(),
'node' => $node,
'extra' => $extra,
......@@ -445,15 +446,9 @@ protected function indexNode(NodeInterface $node) {
$build = $node_render->view($node, 'search_index', $language->getId());
unset($build['#theme']);
$rendered = $this->renderer->renderPlain($build);
// Add the title to text so it is searchable.
$build['search_title'] = [
'#prefix' => '<h1>',
'#plain_text' => $node->label($language->getId()),
'#suffix' => '</h1>',
'#weight' => -1000
];
$text = $this->renderer->renderPlain($build);
$text = '<h1>' . SafeMarkup::checkPlain($node->label($language->getId())) . '</h1>' . $rendered;
// Fetch extra data normally not visible.
$extra = $this->moduleHandler->invokeAll('node_update_index', array($node, $language->getId()));
......
......@@ -8,7 +8,6 @@
namespace Drupal\node\Tests;
use Drupal\comment\Tests\CommentTestTrait;
use Drupal\Component\Utility\Html;
/**
* Tests node title.
......@@ -86,22 +85,5 @@ function testNodeTitle() {
// Test that 0 appears in the template <h1>.
$xpath = '//h1';
$this->assertEqual(current($this->xpath($xpath)), 0, 'Node title is displayed as 0.', 'Node');
// Test edge case where node title contains special characters.
$edge_case_title = 'article\'s "title".';
$settings = array(
'title' => $edge_case_title,
);
$node = $this->drupalCreateNode($settings);
// Test that the title appears as <title>. The title will be escaped on the
// the page.
$edge_case_title_escaped = Html::escape($edge_case_title);
$this->drupalGet('node/' . $node->id());
$this->assertTitle($edge_case_title_escaped . ' | Drupal', 'Page title is equal to article\'s "title".', 'Node');
// Test that the title appears as <title> when reloading the node page.
$this->drupalGet('node/' . $node->id());
$this->assertTitle($edge_case_title_escaped . ' | Drupal', 'Page title is equal to article\'s "title".', 'Node');
}
}
......@@ -7,8 +7,6 @@
namespace Drupal\node\Tests;
use Drupal\Component\Utility\Html;
/**
* Create a node with dangerous tags in its title and test that they are
* escaped.
......@@ -36,8 +34,8 @@ function testNodeTitleXSS() {
$node = $this->drupalCreateNode($settings);
$this->drupalGet('node/' . $node->id());