diff --git a/core/modules/config_translation/src/Form/ConfigTranslationFormBase.php b/core/modules/config_translation/src/Form/ConfigTranslationFormBase.php
index 9e5372f..78c1d46 100644
--- a/core/modules/config_translation/src/Form/ConfigTranslationFormBase.php
+++ b/core/modules/config_translation/src/Form/ConfigTranslationFormBase.php
@@ -195,6 +195,25 @@ public function buildForm(array $form, FormStateInterface $form_state, Request $
 /**
 * {@inheritdoc}
 */
+ public function validateForm(array &$form, FormStateInterface $form_state) {
+ $form_values = $form_state->getValue(array('translation', 'config_names'));
+ foreach ($this->mapper->getConfigNames() as $name) {
+ foreach ($form_values[$name] as $key => $value) {
+ // Check that the submitted config value is safe.
+ if (is_string($value) && !locale_string_is_safe($value)) {
+ // Retrieve field label and name attribute.
+ $label = $form['config_names'][$name][$key]['translation']['#title'];
+ $field_name = $form['config_names'][$name][$key]['translation']['#name'];
+ // Field value is not safe, display error.
+ $form_state->setErrorByName($field_name, $this->t('The submitted %label value contains disallowed HTML', array('%label' => $label)));
+ }
+ }
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
 public function submitForm(array &$form, FormStateInterface $form_state) {
 $form_values = $form_state->getValue(array('translation', 'config_names'));
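Review bot: The safety check in validateForm only runs when `$value` is a string, but the same loop reads the label from `$form['config_names'][$name][$key]['translation']`, which suggests each submitted `$key` is an array holding a `translation` child; if that is the case, `is_string($value)` is never true and disallowed markup passes validation unchecked. Consider unwrapping first, e.g. `$translation = is_array($value) && isset($value['translation']) ? $value['translation'] : $value;`, and testing `$translation` instead, recursing into nested config keys where the entry is not a leaf element. `$form_values[$name]` is also iterated without checking that it is set and is an array, so a config name with no submitted values would raise a warning in the inner `foreach`. A test that submits a disallowed tag in a nested translation field would confirm that the check actually fires.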