From d96918cc0d408a54df7cf0ffd21e56b49d70774b Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Thu, 9 Oct 2014 10:38:53 +0100
Subject: [PATCH] Issue #2319667 by aneek, vurt, dankh: Fixed Simpletest Module
 Double escaped HTML in hook_requirements.

---
 core/includes/install.inc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/core/includes/install.inc b/core/includes/install.inc
index 8c2e9fe219d8..9515b4f13a17 100644
--- a/core/includes/install.inc
+++ b/core/includes/install.inc
@@ -8,6 +8,7 @@
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Drupal\Component\Utility\Crypt;
 use Drupal\Component\Utility\OpCodeCache;
+use Drupal\Component\Utility\SafeMarkup;
 use Drupal\Component\Utility\UrlHelper;
 use Drupal\Core\Extension\ExtensionDiscovery;
 use Drupal\Core\Site\Settings;
@@ -1019,11 +1020,14 @@ function drupal_check_module($module) {
     // Print any error messages
     foreach ($requirements as $requirement) {
       if (isset($requirement['severity']) && $requirement['severity'] == REQUIREMENT_ERROR) {
-        $message = $requirement['description'];
+        $message = SafeMarkup::escape($requirement['description']);
         if (isset($requirement['value']) && $requirement['value']) {
           $message .= ' (' . t('Currently using !item !version', array('!item' => $requirement['title'], '!version' => $requirement['value'])) . ')';
         }
-        drupal_set_message($message, 'error');
+        // The string was previously checked as safe or escaped properly with
+        // SafeMarkup::escape() method and the concatinated message string is
+        // designated safe by running through the t() function.
+        drupal_set_message(SafeMarkup::set($message), 'error');
       }
     }
     return FALSE;
-- 
GitLab