diff --git a/core/modules/views/src/Plugin/views/area/Result.php b/core/modules/views/src/Plugin/views/area/Result.php
index e8d194773282bfce14da6558c1ed9cad2e9ab7d5..6fc6805dbc93f0951a17f185573c95726ff95b08 100644
--- a/core/modules/views/src/Plugin/views/area/Result.php
+++ b/core/modules/views/src/Plugin/views/area/Result.php
@@ -3,7 +3,6 @@
 namespace Drupal\views\Plugin\views\area;
 use Drupal\Component\Utility\Html;
-use Drupal\Component\Utility\Xss;
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\views\Plugin\views\style\DefaultSummary;
@@ -114,7 +113,7 @@ public function render($empty = FALSE) {
 $replacements['@page_count'] = $page_count;
 // Send the output.
 if (!empty($total) || !empty($this->options['empty'])) {
- $output .= Xss::filterAdmin(str_replace(array_keys($replacements), array_values($replacements), $format));
+ $output .= str_replace(array_keys($replacements), array_values($replacements), $format);
 // Return as render array.
 return [
 '#markup' => $output,
diff --git a/core/modules/views/tests/modules/views_test_config/test_views/views.view.test_area_result.yml b/core/modules/views/tests/modules/views_test_config/test_views/views.view.test_area_result.yml
index 6b47f153f34f59fa7ae3967e475c6fabc1d30725..05f574e59dd553f5df4bbab461f8324cc8b29d07 100644
--- a/core/modules/views/tests/modules/views_test_config/test_views/views.view.test_area_result.yml
+++ b/core/modules/views/tests/modules/views_test_config/test_views/views.view.test_area_result.yml
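Review bot: With the explicit `Xss::filterAdmin()` call gone from the `$output .=` line in render(), the only thing sanitising the configured format string is the renderer's default filtering of a plain-string `'#markup'` value, and nothing in the code says so. Add a comment above the assignment, e.g. `// Not filtered here: the renderer admin-filters '#markup', so $output must remain a plain string, never a MarkupInterface object.` The replacement values are spliced in with plain `str_replace()`, so any of them that can carry user-editable text (the test output suggests `@label` is the view label, set outside this hunk) is treated as markup and relies on that same filter. render() begins and ends outside the hunk, so how `$format` and `$output` are initialised should be confirmed against the full method.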
@@ -50,7 +50,7 @@ display:
 group_type: group
 admin_label: ''
 empty: true
- content: "start: @start | end: @end | total: @total | label: @label | per page: @per_page | current page: @current_page | current record count: @current_record_count | page count: @page_count"
+ content: "<script />start: @start | end: @end | total: @total | label: @label | per page: @per_page | current page: @current_page | current record count: @current_record_count | page count: @page_count"
 plugin_id: result
 display_plugin: default
 display_title: Default
diff --git a/core/modules/views/tests/src/Kernel/Handler/AreaResultTest.php b/core/modules/views/tests/src/Kernel/Handler/AreaResultTest.php
index 31e252aef2cf18b6911fd14773af32eb7dc74c78..a292e5c6a87a63ecda737105df97ca1ed8e506f9 100644
--- a/core/modules/views/tests/src/Kernel/Handler/AreaResultTest.php
+++ b/core/modules/views/tests/src/Kernel/Handler/AreaResultTest.php
@@ -29,6 +29,9 @@ public function testResult() {
 $output = \Drupal::service('renderer')->renderRoot($output);
 $this->setRawContent($output);
 $this->assertText('start: 1 | end: 5 | total: 5 | label: test_area_result | per page: 0 | current page: 1 | current record count: 5 | page count: 1');
+
+ // Make sure that potentially dangerous content was stripped.
+ $this->assertNoRaw('<script />');
 }
 /**
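Review bot: The added `assertNoRaw('<script />')` in testResult() matches only the exact self-closing spelling used in the fixture, so output that kept the tag in another serialisation (`<script>` or `<script/>`) would still pass. Assert on the tag prefix instead: `$this->assertNoRaw('<script');`. The test exercises only the plain-string `#markup` path through `renderRoot()`, which after the Result.php change appears to be the sole place the filtering happens, so the comment could say that, e.g. `// The renderer must strip disallowed tags from the result area's #markup.` testResult() starts above the hunk.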