diff --git a/core/modules/views/src/Plugin/views/HandlerBase.php b/core/modules/views/src/Plugin/views/HandlerBase.php
index 582e77f57d..a573818a1e 100644
--- a/core/modules/views/src/Plugin/views/HandlerBase.php
+++ b/core/modules/views/src/Plugin/views/HandlerBase.php
@@ -2,6 +2,7 @@ namespace Drupal\views\Plugin\views;
+use Drupal\Component\Render\MarkupInterface;
 use Drupal\Component\Utility\Html;
 use Drupal\Component\Utility\Unicode;
 use Drupal\Component\Utility\UrlHelper;
@@ -196,6 +197,9 @@ public function sanitizeValue($value, $type = NULL) {
 if ($value === NULL) {
 return '';
 }
+ if ($value instanceof MarkupInterface) {
+ return $value;
+ }
 switch ($type) {
 case 'xss':
 $value = Xss::filter($value);
diff --git a/core/modules/views/tests/src/Unit/Plugin/HandlerBaseTest.php b/core/modules/views/tests/src/Unit/Plugin/HandlerBaseTest.php
index f3468a0763..e050cd4ca6 100644
--- a/core/modules/views/tests/src/Unit/Plugin/HandlerBaseTest.php
+++ b/core/modules/views/tests/src/Unit/Plugin/HandlerBaseTest.php
@@ -7,6 +7,8 @@ namespace Drupal\Tests\views\Unit\Plugin;
+use Drupal\Component\Render\MarkupInterface;
+use Drupal\Core\Render\Markup;
 use Drupal\Tests\UnitTestCase;
 use Drupal\views\Plugin\views\HandlerBase;
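Review bot: In the sanitizeValue() hunk, the new `instanceof MarkupInterface` early return skips every branch of the `switch ($type)` that follows it, including the `url` type, so a Markup object is handed back untouched whatever `$type` the caller asked for; being marked safe for HTML output says nothing about the URL scheme it may contain. If that is the intended contract, state it at the check — `// Markup objects are already safe for HTML output and are returned as-is; note this also bypasses the 'url', 'xss' and 'xss_admin' filtering below.` — and, if the method's docblock (above the hunk) types `$value` as a string, extend it to mention MarkupInterface on both the parameter and the return. If it is not intended, consider limiting the short-circuit, e.g. `if ($value instanceof MarkupInterface && $type !== 'url') {`, after checking what the url branch returns. The remaining switch cases and the method's tail are outside the hunk, so what the other branches return cannot be confirmed here.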
@@ -95,6 +97,50 @@ public function testGetEntityTypeForFieldWithRelationship() {
 $this->assertEquals('test_other_entity_type', $handler->getEntityType());
 }
+ /**
+ * Test the value sanitization.
+ *
+ * @param mixed $value
+ * Value to sanitize.
+ * @param string $expected
+ * Expected string to match the sanitized value.
+ * @param string|null $type
+ * Type of sanitization to use.
+ *
+ * @covers ::sanitizeValue
+ * @dataProvider providerTestSanitizeValue
+ */
+ public function testSanitizeValue($value, $expected, $type = NULL) {
+ $handler = new TestHandler([], 'test_handler', []);
+ $result = $handler->sanitizeValue($value, $type);
+ $this->assertInstanceOf(MarkupInterface::class, $result);
+ $this->assertEquals((string) $expected, (string) $result);
+ }
+
+ /**
+ * Data provider for ::testSanitizeValue().
+ *
+ * @return array
+ * Test data.
+ */
+ public function providerTestSanitizeValue() {
+ return [
+ ['<><"\'', '<>&lt;"''],
+ [Markup::create('<><"\''), '<><"\''],
+ ['javascript:localhost:data:http://localhost:80/', 'http://localhost:80/', 'url'],
+ [
+ 'Test',
+ 'Test',
+ 'xss',
+ ],
+ [
+ 'Test',
+ 'Test',
+ 'xss_admin',
+ ],
+ ];
+ }
+
+
 }
 /**
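Review bot: providerTestSanitizeValue() exercises the new MarkupInterface pass-through only with the default `$type`; the `url`, `xss` and `xss_admin` rows all pass plain strings, so whether a Markup object also bypasses those filters is left untested even though that is the behaviour the production change introduces. Add at least one typed Markup row to pin the decision either way, reusing the provider's own input, e.g. `[Markup::create('javascript:localhost:data:http://localhost:80/'), 'javascript:localhost:data:http://localhost:80/', 'url'],` with the expected value adjusted to whatever is decided for the url branch. The first row's expected string as rendered here (`'<>&lt;"''`) has unbalanced quotes, which is presumably an extraction artefact, but it is worth confirming that the committed value is the fully escaped form of `<><"'`. The `xss` and `xss_admin` rows also appear identical in input and expectation here; if that is how they were committed they do not demonstrate any filtering.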