diff --git a/core/includes/theme.inc b/core/includes/theme.inc
index 3e74521..757b61c 100644
--- a/core/includes/theme.inc
+++ b/core/includes/theme.inc
@@ -1237,7 +1237,7 @@ function template_preprocess_html(&$variables) {
// Construct page title.
if (isset($variables['page']['#title']) && is_array($variables['page']['#title'])) {
// Do an early render if the title is a render array.
- $variables['page']['#title'] = (string) \Drupal::service('renderer')->render($variables['page']['#title']);
+ $variables['page']['#title'] = \Drupal::service('renderer')->render($variables['page']['#title']);
}
if (!empty($variables['page']['#title'])) {
$head_title = array(
diff --git a/core/modules/node/src/Tests/Views/FrontPageTest.php b/core/modules/node/src/Tests/Views/FrontPageTest.php
index ba8438f..39ead99 100644
--- a/core/modules/node/src/Tests/Views/FrontPageTest.php
+++ b/core/modules/node/src/Tests/Views/FrontPageTest.php
@@ -179,11 +179,15 @@ public function testAdminFrontPage() {
\Drupal::service('module_installer')->install(array('views_ui'));
// Login root user with sufficient permissions.
$this->drupalLogin($this->rootUser);
+ $this->config('system.site')
+ ->set('name', '')
+ ->save();
// Test frontpage view.
$this->drupalGet('node');
$this->assertResponse(200);
// Check that the frontpage view was rendered.
$this->assertPattern('/class=".+view-frontpage/', 'Frontpage view was rendered');
+ $this->assertRaw('Welcome to <script>alert("xss");</script>', 'Found the escaped view title.');
}
/**
diff --git a/core/modules/views_ui/src/ViewUI.php b/core/modules/views_ui/src/ViewUI.php
index 8168bf2..a9d7d9e 100644
--- a/core/modules/views_ui/src/ViewUI.php
+++ b/core/modules/views_ui/src/ViewUI.php
@@ -716,7 +716,11 @@ public function renderPreview($display_id, $args = array()) {
'#template' => "{% trans 'Title' %}",
),
),
- Xss::filterAdmin($executable->getTitle()),
+ array(
+ 'data' => array(
+ '#markup' => $executable->getTitle(),
+ ),
+ ),
);
if (isset($path)) {
// @todo Views should expect and store a leading /. See: