authorAlex Pott2016-09-30 11:48:04 +0100
committerAlex Pott2016-09-30 11:48:04 +0100
commitf506915ec804045a07eae3eb0dfae567dfc3ac2d (patch)
tree361636479e501345f0e44ced34ac7a21333d1349
parent64f9bb959b30c26870c7a7daad48d6dc78b66105 (diff)
Revert "Issue #2807705 by alexpott, dawehner, aburke626: FormattableMarkup::placeholderFormat() can result in unsafe replacements"
This reverts commit 8477ed5afd36e527783ae3423191b1d2e1639bd7.
-rw-r--r--core/lib/Drupal/Component/Render/FormattableMarkup.php5
-rw-r--r--core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php4
2 files changed, 1 insertions, 8 deletions
diff --git a/core/lib/Drupal/Component/Render/FormattableMarkup.php b/core/lib/Drupal/Component/Render/FormattableMarkup.php
index e5637e3..d9fbf2f 100644
--- a/core/lib/Drupal/Component/Render/FormattableMarkup.php
+++ b/core/lib/Drupal/Component/Render/FormattableMarkup.php
@@ -227,16 +227,11 @@ class FormattableMarkup implements MarkupInterface, \Countable {
default:
// We do not trigger an error for placeholder that start with an
// alphabetic character.
- // @todo https://www.drupal.org/node/2807743 Change to an exception
- // and always throw regardless of the first character.
if (!ctype_alpha($key[0])) {
// We trigger an error as we may want to introduce new placeholders
// in the future without breaking backward compatibility.
trigger_error('Invalid placeholder (' . $key . ') in string: ' . $string, E_USER_ERROR);
}
- // If the placeholder is not a recognised placeholder ensure non-safe
- // values are escaped.
- $args[$key] = '<em class="placeholder">' . static::placeholderEscape($value) . '</em>';
break;
}
}
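Review bot: With the assignment removed, the `default:` branch leaves `$args[$key]` untouched, so a value passed under an unrecognised key that starts with a letter is no longer run through `placeholderEscape()` and presumably reaches the replacement step outside this hunk as raw markup. The revert message gives no reason, and the `@todo` pointing at node/2807743 is removed as well, so nothing in the code records the gap. If the escaping has to stay out for now, I would keep the `@todo` link and add a comment above the `break;` such as `// Values under unrecognised placeholder keys are NOT escaped; do not pass untrusted data under them.` The `non-standard-placeholder` data-provider case is dropped from SafeMarkupTest.php in this same commit, so the resulting behaviour is also untested. The enclosing method starts and ends outside the hunk.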
diff --git a/core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php b/core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php
index b149769..cbf86d2 100644
--- a/core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php
+++ b/core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php
@@ -137,7 +137,7 @@ class SafeMarkupTest extends UnitTestCase {
UrlHelper::setAllowedProtocols(['http', 'https', 'mailto']);
$result = SafeMarkup::format($string, $args);
- $this->assertEquals($expected, (string) $result, $message);
+ $this->assertEquals($expected, $result, $message);
$this->assertEquals($expected_is_safe, $result instanceof MarkupInterface, 'SafeMarkup::format correctly sets the result as safe or not safe.');
foreach ($args as $arg) {
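Review bot: The first `assertEquals` now compares the string `$expected` with whatever `SafeMarkup::format()` returns, and the following line shows that `$result` can be a `MarkupInterface` object, so the assertion presumably passes only through the comparator's implicit string conversion. Keeping the cast, `$this->assertEquals($expected, (string) $result, $message);`, states what is being compared and does not depend on that conversion. The test method starts and ends outside the hunk.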
@@ -171,8 +171,6 @@ class SafeMarkupTest extends UnitTestCase {
$tests['non-url-with-colon'] = ['Hey giraffe <a href=":url">MUUUH</a>', [':url' => "llamas: they are not URLs"], 'Hey giraffe <a href=" they are not URLs">MUUUH</a>', '', TRUE];
$tests['non-url-with-html'] = ['Hey giraffe <a href=":url">MUUUH</a>', [':url' => "<span>not a url</span>"], 'Hey giraffe <a href="&lt;span&gt;not a url&lt;/span&gt;">MUUUH</a>', '', TRUE];
- // Tests non-standard placeholders.
- $tests['non-standard-placeholder'] = ['Hey risky', ['risky' => "<script>alert('foo');</script>"], 'Hey <em class="placeholder">&lt;script&gt;alert(&#039;foo&#039;);&lt;/script&gt;</em>', '', TRUE];
return $tests;
}
/**