Unverified Commit fb704aea authored by Alex Pott

Issue #2633752 by Lendude, dww, alexpott, AdamBernstein, turpentyne, garryh:...

Issue #2633752 by Lendude, dww, alexpott, AdamBernstein, turpentyne, garryh: Views inline field separator renders HTML as plain text

(cherry picked from commit 28050a29)
parent 795d6bbf
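--- /dev/null
+++ b/[new file: path not shown on page]
@@ -0,0 +1,68 @@
+<?php
+
+namespace Drupal\Tests\views\Kernel\Plugin;
+
+use Drupal\Tests\views\Kernel\ViewsKernelTestBase;
+use Drupal\views\Views;
+
+/**
+ * Tests fields style functionality.
+ *
+ * @group views
+ *
+ * @see \Drupal\views\Plugin\views\row\Fields.
+ */
+class StyleFieldsTest extends ViewsKernelTestBase {
+
+  /**
+   * {@inheritdoc}
+   */
+  public static $testViews = ['test_view'];
+
+  /**
+   * Tests inline fields and separator.
+   */
+  public function testInlineFields() {
+    $renderer = $this->container->get('renderer');
+    $view = Views::getView('test_view');
+    $view->setDisplay();
+
+    // Test using an HTML separator.
+    $row = $view->display_handler->getOption('row');
+    $row['options'] = [
+      'inline' => [
+        'age' => 'age',
+        'id' => 'id',
+        'name' => 'name',
+      ],
+      'separator' => '<br />',
+    ];
+    $view->display_handler->setOption('row', $row);
+    $view->initDisplay();
+    $view->initStyle();
+    $output = $view->preview();
+    $output = $renderer->renderRoot($output);
+    $this->assertContains('<div class="views-row"><span class="views-field views-field-age"><span class="field-content">25</span></span><br /><span class="views-field views-field-id"><span class="field-content">1</span></span><br /><span class="views-field views-field-name"><span class="field-content">John</span></span></div>', (string) $output);
+    $view->destroy();
+
+    // Check that unsafe separators are stripped.
+    $view->setDisplay();
+    $row = $view->display_handler->getOption('row');
+    $row['options'] = [
+      'inline' => [
+        'age' => 'age',
+        'id' => 'id',
+        'name' => 'name',
+      ],
+      'separator' => '<script>alert("escape me!")</script>',
+    ];
+    $view->display_handler->setOption('row', $row);
+    $view->initDisplay();
+    $view->initStyle();
+    $output = $view->preview();
+    $output = $renderer->renderRoot($output);
+    $this->assertNotContains('<script>', (string) $output);
+    $this->assertContains('alert("escape me!")', (string) $output);
+  }
+
+}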
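Review bot: The second case in testInlineFields() is meant to prove the unsafe separator is filtered rather than escaped, but `$this->assertNotContains('<script>', ...)` would also pass if the separator had been HTML-escaped and rendered as plain text, which is the very regression the commit title describes; the companion `assertContains('alert("escape me!")', ...)` only tells the two apart because ENT_QUOTES escaping would turn the double quotes into `&quot;`, which is accidental rather than stated. Make the intent explicit with an extra `$this->assertNotContains('&lt;script&gt;', (string) $output);` next to the existing assertNotContains, and sharpen the comment to `// Check that unsafe separators are stripped, not escaped to plain text.`. The exact-markup check in the first case is a single very long string literal; building an `$expected` value from a few concatenated lines, or asserting per field, would make a failure diff readable. Both observations apply only to this new test file; the production code under test is in the other file section.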
+3 −1
@@ -139,7 +139,9 @@ function template_preprocess_views_view_fields(&$variables) {
      }

      if (!empty($variables['options']['separator']) && $previous_inline && $object->inline && $object->content) {
        $object->separator = Xss::filterAdmin($variables['options']['separator']);
        $object->separator = [
          '#markup' => $variables['options']['separator'],
        ];
      }

      $object->class = Html::cleanCssIdentifier($id);
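Review bot: The replacement assignment passes the raw `separator` option straight into `#markup` and drops the explicit `Xss::filterAdmin()` call, so the filtering that the new test depends on (`<script>` stripped, inner text kept) now rests entirely on the render system's default treatment of plain-string `#markup`, and nothing in the hunk records that choice. I would add a why-comment above the array: `// A plain string in #markup is run through the render system's admin XSS filter on output, so no explicit Xss::filterAdmin() is needed; using #children or Markup::create() here would bypass that.` If `Xss` is no longer referenced anywhere else in this file after the change, its `use` import is presumably dead and should go, though that cannot be confirmed from the hunk. template_preprocess_views_view_fields() starts and ends outside the hunk.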