Skip to content
Snippets Groups Projects
Unverified Commit 16d10753 authored by Alex Pott's avatar Alex Pott
Browse files

Issue #2569381 by alx_benjamin, init90, vasi, deepakaryan1988,...

Issue #2569381 by alx_benjamin, init90, vasi, deepakaryan1988, Munavijayalakshmi, Lendude, DuaelFr, alexpott, dawehner: Drupal\views\Plugin\views\area\Result does an unnecessary XSS::adminFilter()

(cherry picked from commit f5fdfe31)
parent a0f29195
No related branches found
No related tags found
No related merge requests found
...@@ -3,7 +3,6 @@ ...@@ -3,7 +3,6 @@
namespace Drupal\views\Plugin\views\area; namespace Drupal\views\Plugin\views\area;
use Drupal\Component\Utility\Html; use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\Xss;
use Drupal\Core\Form\FormStateInterface; use Drupal\Core\Form\FormStateInterface;
use Drupal\views\Plugin\views\style\DefaultSummary; use Drupal\views\Plugin\views\style\DefaultSummary;
...@@ -114,7 +113,7 @@ public function render($empty = FALSE) { ...@@ -114,7 +113,7 @@ public function render($empty = FALSE) {
$replacements['@page_count'] = $page_count; $replacements['@page_count'] = $page_count;
// Send the output. // Send the output.
if (!empty($total) || !empty($this->options['empty'])) { if (!empty($total) || !empty($this->options['empty'])) {
$output .= Xss::filterAdmin(str_replace(array_keys($replacements), array_values($replacements), $format)); $output .= str_replace(array_keys($replacements), array_values($replacements), $format);
// Return as render array. // Return as render array.
return [ return [
'#markup' => $output, '#markup' => $output,
......
...@@ -50,7 +50,7 @@ display: ...@@ -50,7 +50,7 @@ display:
group_type: group group_type: group
admin_label: '' admin_label: ''
empty: true empty: true
content: "start: @start | end: @end | total: @total | label: @label | per page: @per_page | current page: @current_page | current record count: @current_record_count | page count: @page_count" content: "<script />start: @start | end: @end | total: @total | label: @label | per page: @per_page | current page: @current_page | current record count: @current_record_count | page count: @page_count"
plugin_id: result plugin_id: result
display_plugin: default display_plugin: default
display_title: Default display_title: Default
......
...@@ -29,6 +29,9 @@ public function testResult() { ...@@ -29,6 +29,9 @@ public function testResult() {
$output = \Drupal::service('renderer')->renderRoot($output); $output = \Drupal::service('renderer')->renderRoot($output);
$this->setRawContent($output); $this->setRawContent($output);
$this->assertText('start: 1 | end: 5 | total: 5 | label: test_area_result | per page: 0 | current page: 1 | current record count: 5 | page count: 1'); $this->assertText('start: 1 | end: 5 | total: 5 | label: test_area_result | per page: 0 | current page: 1 | current record count: 5 | page count: 1');
// Make sure that potentially dangerous content was stripped.
$this->assertNoRaw('<script />');
} }
/** /**
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment