diff --git a/core/modules/quickedit/js/theme.js b/core/modules/quickedit/js/theme.js
index 8d47b10..76cf875 100644
--- a/core/modules/quickedit/js/theme.js
+++ b/core/modules/quickedit/js/theme.js
@@ -59,7 +59,8 @@
* The corresponding HTML.
*/
Drupal.theme.quickeditEntityToolbarLabel = function (settings) {
- return '' + settings.fieldLabel + '' + settings.entityLabel;
+ // @todo Add XSS regression test coverage in https://www.drupal.org/node/2547437
+ return '' + Drupal.checkPlain(settings.fieldLabel) + '' + Drupal.checkPlain(settings.entityLabel);
};
/**
diff --git a/core/modules/quickedit/js/views/EntityToolbarView.js b/core/modules/quickedit/js/views/EntityToolbarView.js
index f2a7f47..a9c5be8 100644
--- a/core/modules/quickedit/js/views/EntityToolbarView.js
+++ b/core/modules/quickedit/js/views/EntityToolbarView.js
@@ -454,7 +454,8 @@
});
}
else {
- label = entityLabel;
+ // @todo Add XSS regression test coverage in https://www.drupal.org/node/2547437
+ label = Drupal.checkPlain(entityLabel);
}
this.$el
diff --git a/core/modules/quickedit/src/MetadataGenerator.php b/core/modules/quickedit/src/MetadataGenerator.php
index df676d0..1de5fc6 100644
--- a/core/modules/quickedit/src/MetadataGenerator.php
+++ b/core/modules/quickedit/src/MetadataGenerator.php
@@ -89,10 +89,9 @@ public function generateFieldMetadata(FieldItemListInterface $items, $view_mode)
$label = $items->getFieldDefinition()->getLabel();
$editor = $this->editorManager->createInstance($editor_id);
$metadata = array(
- 'label' => SafeMarkup::checkPlain($label),
+ 'label' => $label,
'access' => TRUE,
'editor' => $editor_id,
- 'aria' => t('Entity @type @id, field @field', array('@type' => $entity->getEntityTypeId(), '@id' => $entity->id(), '@field' => $label)),
);
$custom_metadata = $editor->getMetadata($items);
if (count($custom_metadata)) {
diff --git a/core/modules/quickedit/src/Tests/MetadataGeneratorTest.php b/core/modules/quickedit/src/Tests/MetadataGeneratorTest.php
index a48890a..9fd47bc 100644
--- a/core/modules/quickedit/src/Tests/MetadataGeneratorTest.php
+++ b/core/modules/quickedit/src/Tests/MetadataGeneratorTest.php
@@ -107,7 +107,6 @@ public function testSimpleEntityType() {
'access' => TRUE,
'label' => 'Plain text field',
'editor' => 'plain_text',
- 'aria' => 'Entity entity_test 1, field Plain text field',
);
$this->assertEqual($expected_1, $metadata_1, 'The correct metadata is generated for the first field.');
@@ -118,7 +117,6 @@ public function testSimpleEntityType() {
'access' => TRUE,
'label' => 'Simple number field',
'editor' => 'form',
- 'aria' => 'Entity entity_test 1, field Simple number field',
);
$this->assertEqual($expected_2, $metadata_2, 'The correct metadata is generated for the second field.');
}
@@ -177,7 +175,6 @@ public function testEditorWithCustomMetadata() {
'access' => TRUE,
'label' => 'Rich text field',
'editor' => 'wysiwyg',
- 'aria' => 'Entity entity_test 1, field Rich text field',
'custom' => array(
'format' => 'full_html'
),