diff --git a/core/includes/bootstrap.inc b/core/includes/bootstrap.inc index e1c15fe..6d9a30d 100644 --- a/core/includes/bootstrap.inc +++ b/core/includes/bootstrap.inc @@ -1621,8 +1621,8 @@ function format_string($string, array $args = array()) { * @see drupal_validate_utf8() * @ingroup sanitization */ -function check_plain($text) { - return htmlspecialchars($text, ENT_QUOTES, 'UTF-8'); +function check_plain($text, $double_encode = TRUE) { + return htmlspecialchars($text, ENT_QUOTES, 'UTF-8', $double_encode); } /** diff --git a/core/lib/Drupal/Core/Template/AttributeString.php b/core/lib/Drupal/Core/Template/AttributeString.php index 9776467..04b6c55 100644 --- a/core/lib/Drupal/Core/Template/AttributeString.php +++ b/core/lib/Drupal/Core/Template/AttributeString.php @@ -29,7 +29,8 @@ class AttributeString extends AttributeValueBase { */ public function __toString() { $this->printed = TRUE; - return check_plain($this->value); + // Allow for the possibility of html entities in an attribute string + return check_plain($this->value, FALSE); } } diff --git a/core/modules/system/lib/Drupal/system/Tests/Menu/MenuRouterTest.php b/core/modules/system/lib/Drupal/system/Tests/Menu/MenuRouterTest.php index d4d7451..e331222 100644 --- a/core/modules/system/lib/Drupal/system/Tests/Menu/MenuRouterTest.php +++ b/core/modules/system/lib/Drupal/system/Tests/Menu/MenuRouterTest.php @@ -509,6 +509,7 @@ function testMenuLinkOptions() { 'options' => array( 'attributes' => array( 'title' => 'Test title attribute', + 'data_test' => '', ), 'query' => array( 'testparam' => 'testvalue', @@ -520,6 +521,7 @@ function testMenuLinkOptions() { // Load front page. $this->drupalGet('test-page'); $this->assertRaw('title="Test title attribute"', 'Title attribute of a menu link renders.'); + $this->assertRaw('data_test=""', 'check_plain() does not double-escape entities in strings.'); $this->assertRaw('testparam=testvalue', 'Query parameter added to menu link.'); }