summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNathaniel Catchpole2017-07-03 16:28:44 (GMT)
committerNathaniel Catchpole2017-07-03 16:28:44 (GMT)
commit193c48460cc54126b8073d9984b97ea602354bbd (patch)
tree5ec273ac13a0fc8eeb7f55f9d8f98b9f0dbcff2c
parented6bdc9a7780f5b22f96cbeba735f141e9fb0e55 (diff)
Issue #2872322 by lcontreras, Jo Fitzgerald, Manuel Garcia, Lendude, rroose, catch: Views preview title is double escaped
-rw-r--r--core/modules/views_ui/src/Tests/PreviewTest.php6
-rw-r--r--core/modules/views_ui/src/ViewUI.php7
2 files changed, 11 insertions, 2 deletions
diff --git a/core/modules/views_ui/src/Tests/PreviewTest.php b/core/modules/views_ui/src/Tests/PreviewTest.php
index 95fba8c..c723cb3 100644
--- a/core/modules/views_ui/src/Tests/PreviewTest.php
+++ b/core/modules/views_ui/src/Tests/PreviewTest.php
@@ -114,6 +114,12 @@ class PreviewTest extends UITestBase {
$settings->set('ui.show.sql_query.where', 'below')->save();
$this->drupalPostForm(NULL, $edit = ['view_args' => '100'], t('Update preview'));
$this->assertTrue(strpos($this->getRawContent(), 'view-test-preview') < strpos($this->getRawContent(), 'views-query-info'), 'Statistics shown below the preview.');
+
+ // Test that the preview title isn't double escaped.
+ $this->drupalPostForm("admin/structure/views/nojs/display/test_preview/default/title", $edit = ['title' => 'Double & escaped'], t('Apply'));
+ $this->drupalPostForm(NULL, [], t('Update preview'));
+ $elements = $this->xpath('//div[@id="views-live-preview"]/div[contains(@class, views-query-info)]//td[text()=:text]', [':text' => t('Double & escaped')]);
+ $this->assertEqual(1, count($elements));
}
/**
diff --git a/core/modules/views_ui/src/ViewUI.php b/core/modules/views_ui/src/ViewUI.php
index b6841a8..2e7fabd 100644
--- a/core/modules/views_ui/src/ViewUI.php
+++ b/core/modules/views_ui/src/ViewUI.php
@@ -4,7 +4,6 @@ namespace Drupal\views_ui;
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\Timer;
-use Drupal\Component\Utility\Xss;
use Drupal\Core\EventSubscriber\AjaxResponseSubscriber;
use Drupal\Core\Form\FormStateInterface;
use Drupal\views\Views;
@@ -688,7 +687,11 @@ class ViewUI implements ViewEntityInterface {
'#template' => "<strong>{% trans 'Title' %}</strong>",
],
],
- Xss::filterAdmin($executable->getTitle()),
+ [
+ 'data' => [
+ '#markup' => $executable->getTitle(),
+ ],
+ ],
];
if (isset($path)) {
// @todo Views should expect and store a leading /. See: