diff --git a/core/lib/Drupal/Core/Entity/EntityAutocompleteMatcher.php b/core/lib/Drupal/Core/Entity/EntityAutocompleteMatcher.php
index cf19b0c..085cfb3 100644
--- a/core/lib/Drupal/Core/Entity/EntityAutocompleteMatcher.php
+++ b/core/lib/Drupal/Core/Entity/EntityAutocompleteMatcher.php
@@ -72,6 +72,7 @@ public function getMatches($target_type, $selection_handler, $selection_settings
// Loop through the entities and convert them into autocomplete output.
foreach ($entity_labels as $values) {
foreach ($values as $entity_id => $label) {
+ $label = Html::escape($label);
$key = "$label ($entity_id)";
// Strip things like starting/trailing white spaces, line breaks and
// tags.
diff --git a/core/lib/Drupal/Core/Entity/EntityReferenceSelection/SelectionInterface.php b/core/lib/Drupal/Core/Entity/EntityReferenceSelection/SelectionInterface.php
index 65d86c9..399b933 100644
--- a/core/lib/Drupal/Core/Entity/EntityReferenceSelection/SelectionInterface.php
+++ b/core/lib/Drupal/Core/Entity/EntityReferenceSelection/SelectionInterface.php
@@ -27,8 +27,8 @@
*
* @return array
* A nested array of entities, the first level is keyed by the
- * entity bundle, which contains an array of entity labels (safe HTML),
- * keyed by the entity ID.
+ * entity bundle, which contains an array of entity labels, keyed by the
+ * entity ID. Note the entity label is not escaped.
*/
public function getReferenceableEntities($match = NULL, $match_operator = 'CONTAINS', $limit = 0);
diff --git a/core/lib/Drupal/Core/Entity/Plugin/EntityReferenceSelection/SelectionBase.php b/core/lib/Drupal/Core/Entity/Plugin/EntityReferenceSelection/SelectionBase.php
index cb8c7d6..f05844a 100644
--- a/core/lib/Drupal/Core/Entity/Plugin/EntityReferenceSelection/SelectionBase.php
+++ b/core/lib/Drupal/Core/Entity/Plugin/EntityReferenceSelection/SelectionBase.php
@@ -7,7 +7,6 @@
namespace Drupal\Core\Entity\Plugin\EntityReferenceSelection;
-use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Database\Query\AlterableInterface;
use Drupal\Core\Database\Query\SelectInterface;
use Drupal\Core\Entity\EntityManagerInterface;
@@ -235,7 +234,7 @@ public function getReferenceableEntities($match = NULL, $match_operator = 'CONTA
$entities = entity_load_multiple($target_type, $result);
foreach ($entities as $entity_id => $entity) {
$bundle = $entity->bundle();
- $options[$bundle][$entity_id] = SafeMarkup::checkPlain($entity->label());
+ $options[$bundle][$entity_id] = $entity->label();
}
return $options;
diff --git a/core/lib/Drupal/Core/Render/Element/Checkbox.php b/core/lib/Drupal/Core/Render/Element/Checkbox.php
index 5f39bcc..28b15a6 100644
--- a/core/lib/Drupal/Core/Render/Element/Checkbox.php
+++ b/core/lib/Drupal/Core/Render/Element/Checkbox.php
@@ -7,8 +7,11 @@
namespace Drupal\Core\Render\Element;
+use Drupal\Component\Utility\Html as HtmlUtility;
+use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Render\Element;
+use Drupal\Core\Render\SafeString;
/**
* Provides a form element for a single checkbox.
@@ -106,6 +109,12 @@ public static function preRenderCheckbox($element) {
}
static::setAttributes($element, array('form-checkbox'));
+ // Ensure the title is safe. Default to escaping to make this the same as
+ // Twig's auto-escape feature.
+ if (isset($element['#title']) && !SafeMarkup::isSafe($element['#title'])) {
+ $element['#title'] = SafeString::create(HtmlUtility::escape($element['#title']));
+ }
+
return $element;
}
diff --git a/core/lib/Drupal/Core/Render/Element/Radio.php b/core/lib/Drupal/Core/Render/Element/Radio.php
index 2e8b28c..663fb9e 100644
--- a/core/lib/Drupal/Core/Render/Element/Radio.php
+++ b/core/lib/Drupal/Core/Render/Element/Radio.php
@@ -7,7 +7,10 @@
namespace Drupal\Core\Render\Element;
+use Drupal\Component\Utility\Html as HtmlUtility;
+use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Render\Element;
+use Drupal\Core\Render\SafeString;
/**
* Provides a form element for a single radio button.
@@ -66,6 +69,12 @@ public static function preRenderRadio($element) {
}
static::setAttributes($element, array('form-radio'));
+ // Ensure the title is safe. Default to escaping to make this the same as
+ // Twig's auto-escape feature.
+ if (isset($element['#title']) && !SafeMarkup::isSafe($element['#title'])) {
+ $element['#title'] = SafeString::create(HtmlUtility::escape($element['#title']));
+ }
+
return $element;
}
diff --git a/core/modules/entity_reference/src/ConfigurableEntityReferenceItem.php b/core/modules/entity_reference/src/ConfigurableEntityReferenceItem.php
index be11617..09d1edd 100644
--- a/core/modules/entity_reference/src/ConfigurableEntityReferenceItem.php
+++ b/core/modules/entity_reference/src/ConfigurableEntityReferenceItem.php
@@ -7,7 +7,6 @@
namespace Drupal\entity_reference;
-use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\Field\Plugin\Field\FieldType\EntityReferenceItem;
use Drupal\Core\Field\PreconfiguredFieldUiOptionsInterface;
@@ -80,7 +79,7 @@ public function getSettableOptions(AccountInterface $account = NULL) {
$return = array();
foreach ($options as $bundle => $entity_ids) {
- $bundle_label = SafeMarkup::checkPlain($bundles[$bundle]['label']);
+ $bundle_label = $bundles[$bundle]['label'];
$return[$bundle_label] = $entity_ids;
}
@@ -135,11 +134,11 @@ public function fieldSettingsForm(array $form, FormStateInterface $form_state) {
// entity type specific plugins (e.g., 'default:node', 'default:user',
// etc.).
if (array_key_exists($selection_group_id, $selection_plugins[$selection_group_id])) {
- $handlers_options[$selection_group_id] = SafeMarkup::checkPlain($selection_plugins[$selection_group_id][$selection_group_id]['label']);
+ $handlers_options[$selection_group_id] = $selection_plugins[$selection_group_id][$selection_group_id]['label'];
}
elseif (array_key_exists($selection_group_id . ':' . $this->getSetting('target_type'), $selection_plugins[$selection_group_id])) {
$selection_group_plugin = $selection_group_id . ':' . $this->getSetting('target_type');
- $handlers_options[$selection_group_plugin] = SafeMarkup::checkPlain($selection_plugins[$selection_group_id][$selection_group_plugin]['base_plugin_label']);
+ $handlers_options[$selection_group_plugin] = $selection_plugins[$selection_group_id][$selection_group_plugin]['base_plugin_label'];
}
}
diff --git a/core/modules/entity_reference/src/Tests/EntityReferenceXSSTest.php b/core/modules/entity_reference/src/Tests/EntityReferenceXSSTest.php
new file mode 100644
index 0000000..5d9ec23
--- /dev/null
+++ b/core/modules/entity_reference/src/Tests/EntityReferenceXSSTest.php
@@ -0,0 +1,79 @@
+drupalLogin($this->rootUser);
+ $this->createEntityReferenceField('node', 'article', 'entity_reference_test', 'Entity Reference test', 'node', 'default', ['target_bundles' => ['page']]);
+ }
+
+ /**
+ * Ensures that XSS is not possible through entity reference select.
+ */
+ public function testEntityReferenceSelectXSS() {
+ \Drupal::entityManager()
+ ->getStorage('entity_form_display')
+ ->load('node.article.default')
+ ->setComponent('entity_reference_test', ['type' => 'options_select'])
+ ->save();
+ $node = [
+ 'type' => 'page',
+ 'title' => 'I am kitten',
+ ];
+ $this->drupalCreateNode($node);
+ $this->drupalGet('node/add/article');
+ $this->assertRaw(strip_tags($node['title']));
+ }
+
+ /**
+ * Ensures that XSS is not possible through entity reference display.
+ */
+ public function testEntityReferenceDisplayXSS() {
+ \Drupal::entityManager()
+ ->getStorage('entity_view_display')
+ ->load('node.article.default')
+ ->setComponent('entity_reference_test')
+ ->save();
+ $node = [
+ 'type' => 'page',
+ 'title' => 'I am kitten',
+ ];
+ $node1 = $this->drupalCreateNode($node);
+ $node = [
+ 'type' => 'article',
+ 'field_entity_reference_test' => [
+ 'target_id' => $node1->id(),
+ ],
+ ];
+ $node2 = $this->drupalCreateNode($node);
+ $this->drupalGet('node/' . $node2->id());
+ $this->assertEscaped($node1->getTitle());
+ }
+
+}
diff --git a/core/modules/filter/src/FilterFormatFormBase.php b/core/modules/filter/src/FilterFormatFormBase.php
index 77b5433..37b26e7 100644
--- a/core/modules/filter/src/FilterFormatFormBase.php
+++ b/core/modules/filter/src/FilterFormatFormBase.php
@@ -79,7 +79,7 @@ public function form(array $form, FormStateInterface $form_state) {
$form['roles'] = array(
'#type' => 'checkboxes',
'#title' => $this->t('Roles'),
- '#options' => array_map('\Drupal\Component\Utility\SafeMarkup::checkPlain', user_role_names()),
+ '#options' => user_role_names(),
'#disabled' => $is_fallback,
'#weight' => -10,
);
diff --git a/core/modules/node/src/Plugin/Search/NodeSearch.php b/core/modules/node/src/Plugin/Search/NodeSearch.php
index ce5ddb6..bdecea0 100644
--- a/core/modules/node/src/Plugin/Search/NodeSearch.php
+++ b/core/modules/node/src/Plugin/Search/NodeSearch.php
@@ -554,7 +554,6 @@ public function searchFormAlter(array &$form, FormStateInterface $form_state) {
);
// Add node types.
- $types = array_map(array('\Drupal\Component\Utility\SafeMarkup', 'checkPlain'), node_type_get_names());
$form['advanced']['types-fieldset'] = array(
'#type' => 'fieldset',
'#title' => t('Types'),
@@ -564,7 +563,7 @@ public function searchFormAlter(array &$form, FormStateInterface $form_state) {
'#title' => t('Only of the type(s)'),
'#prefix' => '',
'#suffix' => '
',
- '#options' => $types,
+ '#options' => node_type_get_names(),
'#default_value' => isset($defaults['type']) ? $defaults['type'] : array(),
);
diff --git a/core/modules/system/src/Tests/Entity/EntityReferenceSelection/EntityReferenceSelectionAccessTest.php b/core/modules/system/src/Tests/Entity/EntityReferenceSelection/EntityReferenceSelectionAccessTest.php
index 274df65..e6bd87b 100644
--- a/core/modules/system/src/Tests/Entity/EntityReferenceSelection/EntityReferenceSelectionAccessTest.php
+++ b/core/modules/system/src/Tests/Entity/EntityReferenceSelection/EntityReferenceSelectionAccessTest.php
@@ -8,7 +8,6 @@
namespace Drupal\system\Tests\Entity\EntityReferenceSelection;
use Drupal\comment\Tests\CommentTestTrait;
-use Drupal\Component\Utility\Html;
use Drupal\Core\Language\LanguageInterface;
use Drupal\comment\CommentInterface;
use Drupal\simpletest\WebTestBase;
@@ -110,7 +109,7 @@ public function testNodeHandler() {
$node = entity_create('node', $values);
$node->save();
$nodes[$key] = $node;
- $node_labels[$key] = Html::escape($node->label());
+ $node_labels[$key] = $node->label();
}
// Test as a non-admin.
@@ -241,7 +240,7 @@ public function testUserHandler() {
$account = $values;
}
$users[$key] = $account;
- $user_labels[$key] = Html::escape($account->getUsername());
+ $user_labels[$key] = $account->getUsername();
}
// Test as a non-admin.
@@ -416,7 +415,7 @@ public function testCommentHandler() {
$comment = entity_create('comment', $values);
$comment->save();
$comments[$key] = $comment;
- $comment_labels[$key] = Html::escape($comment->label());
+ $comment_labels[$key] = $comment->label();
}
// Test as a non-admin.
diff --git a/core/modules/system/src/Tests/Entity/EntityReferenceSelection/EntityReferenceSelectionSortTest.php b/core/modules/system/src/Tests/Entity/EntityReferenceSelection/EntityReferenceSelectionSortTest.php
index 98be261..dc3980c 100644
--- a/core/modules/system/src/Tests/Entity/EntityReferenceSelection/EntityReferenceSelectionSortTest.php
+++ b/core/modules/system/src/Tests/Entity/EntityReferenceSelection/EntityReferenceSelectionSortTest.php
@@ -7,7 +7,6 @@
namespace Drupal\system\Tests\Entity\EntityReferenceSelection;
-use Drupal\Component\Utility\Html;
use Drupal\node\Entity\Node;
use Drupal\node\Entity\NodeType;
use Drupal\system\Tests\Entity\EntityUnitTestBase;
@@ -93,7 +92,7 @@ public function testSort() {
$node = Node::create($values);
$node->save();
$nodes[$key] = $node;
- $node_labels[$key] = Html::escape($node->label());
+ $node_labels[$key] = $node->label();
}
$selection_options = array(
diff --git a/core/modules/system/src/Tests/Form/ElementTest.php b/core/modules/system/src/Tests/Form/ElementTest.php
index 6555a4f..2661667 100644
--- a/core/modules/system/src/Tests/Form/ElementTest.php
+++ b/core/modules/system/src/Tests/Form/ElementTest.php
@@ -62,6 +62,12 @@ function testOptions() {
}
}
+ // Verify that the choices are escaped as expected.
+ $this->assertEscaped("Special Char");
+ $this->assertEscaped("Special Char");
+ $this->assertRaw('Bar - checkboxes');
+ $this->assertRaw('Bar - radios');
+
// Enable customized option sub-elements.
$this->drupalGet('form-test/checkboxes-radios/customize');
diff --git a/core/modules/system/tests/modules/form_test/src/Form/FormTestCheckboxesRadiosForm.php b/core/modules/system/tests/modules/form_test/src/Form/FormTestCheckboxesRadiosForm.php
index 7bd4374..91ab9af 100644
--- a/core/modules/system/tests/modules/form_test/src/Form/FormTestCheckboxesRadiosForm.php
+++ b/core/modules/system/tests/modules/form_test/src/Form/FormTestCheckboxesRadiosForm.php
@@ -9,6 +9,7 @@
use Drupal\Core\Form\FormBase;
use Drupal\Core\Form\FormStateInterface;
+use Drupal\Core\Render\SafeString;
use Symfony\Component\HttpFoundation\JsonResponse;
/**
@@ -36,8 +37,8 @@ public function buildForm(array $form, FormStateInterface $form_state, $customiz
0 => 'Zero',
'foo' => 'Foo',
1 => 'One',
- 'bar' => 'Bar',
- '>' => 'Special Char',
+ 'bar' => $this->t('Bar - checkboxes'),
+ '>' => "Special Char",
),
);
if ($customize) {
@@ -60,8 +61,8 @@ public function buildForm(array $form, FormStateInterface $form_state, $customiz
0 => 'Zero',
'foo' => 'Foo',
1 => 'One',
- 'bar' => 'Bar',
- '>' => 'Special Char',
+ 'bar' => $this->t('Bar - radios'),
+ '>' => "Special Char",
),
);
if ($customize) {
diff --git a/core/modules/taxonomy/src/Plugin/EntityReferenceSelection/TermSelection.php b/core/modules/taxonomy/src/Plugin/EntityReferenceSelection/TermSelection.php
index ddf99ca..28bddff 100644
--- a/core/modules/taxonomy/src/Plugin/EntityReferenceSelection/TermSelection.php
+++ b/core/modules/taxonomy/src/Plugin/EntityReferenceSelection/TermSelection.php
@@ -7,7 +7,6 @@
namespace Drupal\taxonomy\Plugin\EntityReferenceSelection;
-use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Database\Query\SelectInterface;
use Drupal\Core\Entity\Plugin\EntityReferenceSelection\SelectionBase;
use Drupal\Core\Form\FormStateInterface;
@@ -73,7 +72,7 @@ public function getReferenceableEntities($match = NULL, $match_operator = 'CONTA
if ($vocabulary = Vocabulary::load($bundle)) {
if ($terms = $this->entityManager->getStorage('taxonomy_term')->loadTree($vocabulary->id(), 0, NULL, TRUE)) {
foreach ($terms as $term) {
- $options[$vocabulary->id()][$term->id()] = str_repeat('-', $term->depth) . SafeMarkup::checkPlain($term->getName());
+ $options[$vocabulary->id()][$term->id()] = str_repeat('-', $term->depth) . $term->getName();
}
}
}
diff --git a/core/modules/taxonomy/src/Plugin/views/filter/TaxonomyIndexTid.php b/core/modules/taxonomy/src/Plugin/views/filter/TaxonomyIndexTid.php
index 7adaa16..4a50d81 100644
--- a/core/modules/taxonomy/src/Plugin/views/filter/TaxonomyIndexTid.php
+++ b/core/modules/taxonomy/src/Plugin/views/filter/TaxonomyIndexTid.php
@@ -16,7 +16,6 @@
use Drupal\views\ViewExecutable;
use Drupal\views\Plugin\views\display\DisplayPluginBase;
use Drupal\views\Plugin\views\filter\ManyToOne;
-use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\Tags;
use Symfony\Component\DependencyInjection\ContainerInterface;
@@ -183,7 +182,7 @@ protected function valueForm(&$form, FormStateInterface $form_state) {
if ($tree) {
foreach ($tree as $term) {
$choice = new \stdClass();
- $choice->option = array($term->id() => str_repeat('-', $term->depth) . SafeMarkup::checkPlain(\Drupal::entityManager()->getTranslationFromContext($term)->label()));
+ $choice->option = array($term->id() => str_repeat('-', $term->depth) . \Drupal::entityManager()->getTranslationFromContext($term)->label());
$options[] = $choice;
}
}
@@ -201,7 +200,7 @@ protected function valueForm(&$form, FormStateInterface $form_state) {
}
$terms = Term::loadMultiple($query->execute());
foreach ($terms as $term) {
- $options[$term->id()] = SafeMarkup::checkPlain(\Drupal::entityManager()->getTranslationFromContext($term)->label());
+ $options[$term->id()] = \Drupal::entityManager()->getTranslationFromContext($term)->label();
}
}
@@ -359,7 +358,7 @@ public function adminSummary() {
$this->value = array_filter($this->value);
$terms = Term::loadMultiple($this->value);
foreach ($terms as $term) {
- $this->valueOptions[$term->id()] = SafeMarkup::checkPlain(\Drupal::entityManager()->getTranslationFromContext($term)->label());
+ $this->valueOptions[$term->id()] = \Drupal::entityManager()->getTranslationFromContext($term)->label();
}
}
return parent::adminSummary();
diff --git a/core/modules/user/src/AccountForm.php b/core/modules/user/src/AccountForm.php
index 0bcfad9..2fdbcea 100644
--- a/core/modules/user/src/AccountForm.php
+++ b/core/modules/user/src/AccountForm.php
@@ -205,7 +205,7 @@ public function form(array $form, FormStateInterface $form_state) {
'#access' => $admin,
);
- $roles = array_map(array('\Drupal\Component\Utility\SafeMarkup', 'checkPlain'), user_role_names(TRUE));
+ $roles = user_role_names(TRUE);
$form['account']['roles'] = array(
'#type' => 'checkboxes',
diff --git a/core/modules/user/src/Plugin/views/access/Permission.php b/core/modules/user/src/Plugin/views/access/Permission.php
index fab8f88..479bb64 100644
--- a/core/modules/user/src/Plugin/views/access/Permission.php
+++ b/core/modules/user/src/Plugin/views/access/Permission.php
@@ -120,7 +120,7 @@ public function buildOptionsForm(&$form, FormStateInterface $form_state) {
foreach ($permissions as $perm => $perm_item) {
$provider = $perm_item['provider'];
$display_name = $this->moduleHandler->getName($provider);
- $perms[$display_name][$perm] = strip_tags($perm_item['title']);
+ $perms[$display_name][$perm] = $perm_item['title'];
}
$form['perm'] = array(
diff --git a/core/modules/user/src/Plugin/views/access/Role.php b/core/modules/user/src/Plugin/views/access/Role.php
index 4c2b732..a041ff0 100644
--- a/core/modules/user/src/Plugin/views/access/Role.php
+++ b/core/modules/user/src/Plugin/views/access/Role.php
@@ -115,7 +115,7 @@ public function buildOptionsForm(&$form, FormStateInterface $form_state) {
'#type' => 'checkboxes',
'#title' => $this->t('Role'),
'#default_value' => $this->options['role'],
- '#options' => array_map('\Drupal\Component\Utility\SafeMarkup::checkPlain', user_role_names()),
+ '#options' => user_role_names(),
'#description' => $this->t('Only the checked roles will be able to access this display.'),
);
}
diff --git a/core/modules/user/src/Plugin/views/argument_validator/User.php b/core/modules/user/src/Plugin/views/argument_validator/User.php
index ede8dd5..49277c8 100644
--- a/core/modules/user/src/Plugin/views/argument_validator/User.php
+++ b/core/modules/user/src/Plugin/views/argument_validator/User.php
@@ -65,7 +65,7 @@ public function buildOptionsForm(&$form, FormStateInterface $form_state) {
$form['roles'] = array(
'#type' => 'checkboxes',
'#title' => $this->t('Restrict to the selected roles'),
- '#options' => array_map(array('\Drupal\Component\Utility\SafeMarkup', 'checkPlain'), user_role_names(TRUE)),
+ '#options' => user_role_names(TRUE),
'#default_value' => $this->options['roles'],
'#description' => $this->t('If no roles are selected, users from any role will be allowed.'),
'#states' => array(
diff --git a/core/modules/user/src/Plugin/views/filter/Permissions.php b/core/modules/user/src/Plugin/views/filter/Permissions.php
index a637705..8b220d1 100644
--- a/core/modules/user/src/Plugin/views/filter/Permissions.php
+++ b/core/modules/user/src/Plugin/views/filter/Permissions.php
@@ -76,7 +76,7 @@ public function getValueOptions() {
foreach ($permissions as $perm => $perm_item) {
$provider = $perm_item['provider'];
$display_name = $this->moduleHandler->getName($provider);
- $this->valueOptions[$display_name][$perm] = SafeMarkup::checkPlain(strip_tags($perm_item['title']));
+ $this->valueOptions[$display_name][$perm] = $perm_item['title'];
}
}
else {
diff --git a/core/modules/views/src/Plugin/views/exposed_form/ExposedFormPluginBase.php b/core/modules/views/src/Plugin/views/exposed_form/ExposedFormPluginBase.php
index d17f70c..d4eb125 100644
--- a/core/modules/views/src/Plugin/views/exposed_form/ExposedFormPluginBase.php
+++ b/core/modules/views/src/Plugin/views/exposed_form/ExposedFormPluginBase.php
@@ -7,7 +7,6 @@
namespace Drupal\views\Plugin\views\exposed_form;
-use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Form\FormState;
use Drupal\Core\Form\FormStateInterface;
use Drupal\views\Form\ViewsExposedForm;
@@ -211,7 +210,7 @@ public function exposedFormAlter(&$form, FormStateInterface $form_state) {
$exposed_sorts = array();
foreach ($this->view->sort as $id => $handler) {
if ($handler->canExpose() && $handler->isExposed()) {
- $exposed_sorts[$id] = SafeMarkup::checkPlain($handler->options['expose']['label']);
+ $exposed_sorts[$id] = $handler->options['expose']['label'];
}
}
diff --git a/core/modules/views/src/Plugin/views/filter/FilterPluginBase.php b/core/modules/views/src/Plugin/views/filter/FilterPluginBase.php
index 8c716f1..fc082fe 100644
--- a/core/modules/views/src/Plugin/views/filter/FilterPluginBase.php
+++ b/core/modules/views/src/Plugin/views/filter/FilterPluginBase.php
@@ -595,13 +595,12 @@ public function buildExposeForm(&$form, FormStateInterface $form_state) {
'#default_value' => $this->options['expose']['remember'],
);
- $role_options = array_map('\Drupal\Component\Utility\SafeMarkup::checkPlain', user_role_names());
$form['expose']['remember_roles'] = array(
'#type' => 'checkboxes',
'#title' => $this->t('User roles'),
'#description' => $this->t('Remember exposed selection only for the selected user role(s). If you select no roles, the exposed data will never be stored.'),
'#default_value' => $this->options['expose']['remember_roles'],
- '#options' => $role_options,
+ '#options' => user_role_names(),
'#states' => array(
'invisible' => array(
':input[name="options[expose][remember]"]' => array('checked' => FALSE),