diff --git a/core/modules/system/lib/Drupal/system/Tests/Theme/EntityFilteringThemeTest.php b/core/modules/system/lib/Drupal/system/Tests/Theme/EntityFilteringThemeTest.php
new file mode 100644
index 0000000..b2cd4e4
--- /dev/null
+++ b/core/modules/system/lib/Drupal/system/Tests/Theme/EntityFilteringThemeTest.php
@@ -0,0 +1,139 @@
+<?php
+
+/**
+ * @file
+ * Contains Drupal\system\Tests\Theme\EntityFilteringThemeTest.
+ */
+
+namespace Drupal\system\Tests\Theme;
+
+use Drupal\simpletest\WebTestBase;
+
+/**
+ * Tests filtering for XSS in rendered entity templates in all themes.
+ */
+class EntityFilteringThemeTest extends WebTestBase {
+
+  /**
+   * Use the standard profile.
+   *
+   * @var array
+   */
+  protected $profile = 'standard';
+
+  /**
+   * A list of all available themes.
+   *
+   * @var array
+   */
+  protected $themes;
+
+  /**
+   * A test user.
+   *
+   * @var Drupal\user\User
+   */
+  protected $user;
+
+
+  /**
+   * A test node.
+   *
+   * @var Drupal\node\Node
+   */
+  protected $node;
+
+
+  /**
+   * A test taxonomy term.
+   *
+   * @var Drupal\taxonomy\Term
+   */
+  protected $term;
+
+
+  /**
+   * A test comment.
+   *
+   * @var Drupal\comment\Comment
+   */
+  protected $comment;
+
+  /**
+   * A string containing markup and JS.
+   *
+   * @string
+   */
+  protected $xss_label = "string with <em>HTML</em> and <script>alert('JS');</script>";
+
+  public static function getInfo() {
+    return array(
+      'name' => 'Entity filtering theme test',
+      'description' => 'Tests themed output for each entity type in all available themes to ensure entity labels are filtered for XSS.',
+      'group' => 'Theme',
+    );
+  }
+
+  function setUp() {
+    parent::setUp();
+
+    // Enable all available themes for testing.
+    $this->themes = array_keys(list_themes());
+    theme_enable($this->themes);
+
+    // Create a test user
+    $this->user = $this->drupalCreateUser(array('access content', 'access user profiles'));
+    $this->user->name = $this->xss_label;
+    $this->user->save();
+    $this->drupalLogin($this->user);
+
+    // Create a test term.
+    $this->term = entity_create('taxonomy_term', array(
+      'name' => $this->xss_label,
+      'vid' => 1,
+    ));
+    taxonomy_term_save($this->term);
+
+    // Create a test node.
+    $this->node = $this->drupalCreateNode(array(
+      'title' => $this->xss_label,
+      'type' => 'article',
+      'promote' => NODE_PROMOTED,
+      'field_tags' => array(LANGUAGE_NOT_SPECIFIED => array(array('tid' => $this->term->tid))),
+    ));
+
+    // Create a test comment.
+    $this->comment = entity_create('comment', array(
+      'nid' => $this->node->nid,
+      'node_type' => 'article',
+      'status' => COMMENT_PUBLISHED,
+      'subject' => $this->xss_label,
+      'comment_body' => array(LANGUAGE_NOT_SPECIFIED => array($this->randomName())),
+    ));
+    comment_save($this->comment);
+  }
+
+  /**
+   * Checks each themed entity for XSS filtering in available themes.
+   */
+  function testThemedEntity() {
+    // Check paths where various view modes of the entities are rendered.
+    $paths = array(
+      'user',
+      'node',
+      'node/' . $this->node->nid,
+      'taxonomy/term/' . $this->term->tid,
+    );
+
+    // Check each path in all available themes.
+    foreach ($this->themes as $theme) {
+      variable_set('theme_default', $theme);
+      foreach ($paths as $path) {
+        $this->drupalGet($path);
+        $this->assertResponse(200);
+        $this->assertNoRaw($this->xss_label);
+      }
+    }
+  }
+
+}
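Review bot: `assertNoRaw($this->xss_label)` in testThemedEntity passes equally when a theme escapes the label and when it drops it entirely, so a template that stops printing the label, or a path that never renders it, would still be green and the test would not notice. Pair it with a positive check that the escaped form is present, e.g. `$this->assertRaw(check_plain($this->xss_label));` (or whatever the escaping helper is at this point in the 8.x tree), so each page proves the label is both shown and filtered. The `'vid' => 1` in setUp silently assumes the standard profile's first vocabulary is the one `field_tags` references; loading it by machine name, e.g. `taxonomy_vocabulary_machine_name_load('tags')` if that helper is still available, would make the fixture robust to vocabulary ordering. The docblock on the label property uses `@string`; it should read `@var string`.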
diff --git a/core/themes/bartik/templates/node.tpl.php b/core/themes/bartik/templates/node.tpl.php
index ce30175..accc60d 100644
--- a/core/themes/bartik/templates/node.tpl.php
+++ b/core/themes/bartik/templates/node.tpl.php
@@ -5,7 +5,7 @@
  * Bartik's theme implementation to display a node.
  *
  * Available variables:
- * - $title: the (sanitized) title of the node.
+ * - $label: the (sanitized) title of the node.
  * - $content: An array of node items. Use render($content) to print them all,
  *   or print a subset such as render($content['field_example']). Use
  *   hide($content['field_example']) to temporarily suppress the printing of a
@@ -83,7 +83,7 @@
   <?php print render($title_prefix); ?>
   <?php if (!$page): ?>
     <h2<?php print $title_attributes; ?>>
-      <a href="<?php print $node_url; ?>"><?php print $title; ?></a>
+      <a href="<?php print $node_url; ?>"><?php print $label; ?></a>
     </h2>
   <?php endif; ?>
   <?php print render($title_suffix); ?>
