diff --git a/core/modules/views/src/Plugin/views/HandlerBase.php b/core/modules/views/src/Plugin/views/HandlerBase.php
index 8396c6bbf6..50367058ec 100644
--- a/core/modules/views/src/Plugin/views/HandlerBase.php
+++ b/core/modules/views/src/Plugin/views/HandlerBase.php
@@ -2,6 +2,7 @@
 namespace Drupal\views\Plugin\views;
+use Drupal\Component\Render\MarkupInterface;
 use Drupal\Component\Utility\Html;
 use Drupal\Component\Utility\Unicode;
 use Drupal\Component\Utility\UrlHelper;
@@ -193,6 +194,9 @@ public function getField($field = NULL) {
 * {@inheritdoc}
 */
 public function sanitizeValue($value, $type = NULL) {
+ if ($value instanceof MarkupInterface) {
+ return $value;
+ }
 switch ($type) {
 case 'xss':
 $value = Xss::filter($value);
diff --git a/core/modules/views/tests/src/Unit/Plugin/HandlerBaseTest.php b/core/modules/views/tests/src/Unit/Plugin/HandlerBaseTest.php
index 12b7ca1998..9f77b98bb8 100644
--- a/core/modules/views/tests/src/Unit/Plugin/HandlerBaseTest.php
+++ b/core/modules/views/tests/src/Unit/Plugin/HandlerBaseTest.php
@@ -7,6 +7,8 @@
 namespace Drupal\Tests\views\Unit\Plugin;
+use Drupal\Component\Render\MarkupInterface;
+use Drupal\Core\Render\Markup;
 use Drupal\Tests\UnitTestCase;
 use Drupal\views\Plugin\views\HandlerBase;
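Review bot: The new early return in sanitizeValue() skips every sanitization type, not only the plain-escape path, yet MarkupInterface promises that a value is safe to print as HTML, not that it is a safe link target — so a Markup object wrapping a `javascript:` URL now comes back untouched where a plain string would be run through the `'url'` branch that this commit's own test hunk exercises. If the goal is only to avoid double-escaping already-rendered markup, consider narrowing the guard to `if ($value instanceof MarkupInterface && $type !== 'url') {`, and in any case put the reason above it, e.g. `// Markup objects are already safe for HTML output; escaping them again would double-encode entities.` The rest of the switch and the method's closing brace lie outside the hunk, so I cannot see what the url branch does in this version; check it before changing the guard.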
@@ -91,6 +93,50 @@ public function testGetEntityTypeForFieldWithRelationship() {
 $this->assertEquals('test_other_entity_type', $handler->getEntityType());
 }
+ /**
+ * Test the value sanitization.
+ *
+ * @param mixed $value
+ * Value to sanitize.
+ * @param string $expected
+ * Expected string to match the sanitized value.
+ * @param string|null $type
+ * Type of sanitization to use.
+ *
+ * @covers ::sanitizeValue
+ * @dataProvider providerTestSanitizeValue
+ */
+ public function testSanitizeValue($value, $expected, $type = NULL) {
+ $handler = new TestHandler([], 'test_handler', []);
+ $result = $handler->sanitizeValue($value, $type);
+ $this->assertInstanceOf(MarkupInterface::class, $result);
+ $this->assertEquals((string) $expected, (string) $result);
+ }
+
+ /**
+ * Data provider for ::testSanitizeValue().
+ *
+ * @return array
+ * Test data.
+ */
+ public function providerTestSanitizeValue() {
+ return [
+ ['<><"\'', '<>&lt;"''],
+ [Markup::create('<><"\''), '<><"\''],
+ ['javascript:localhost:data:http://localhost:80/', 'http://localhost:80/', 'url'],
+ [
+ 'Test',
+ 'Test',
+ 'xss',
+ ],
+ [
+ 'Test',
+ 'Test',
+ 'xss_admin',
+ ],
+ ];
+ }
+
 }
 /**
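Review bot: The `xss` and `xss_admin` rows in providerTestSanitizeValue() use `'Test'`, a value with no markup at all, so they pass whether or not the filter runs, and no row pins the new behaviour that a MarkupInterface value bypasses a typed sanitization. Add a row per filter type that contains a tag the filter is expected to strip, e.g. `['<script>alert(1)</script>Test', 'alert(1)Test', 'xss'],`, plus a pass-through row such as `[Markup::create('<script>'), '<script>', 'xss'],` — if that pass-through is not wanted for every `$type`, this is where it will surface. The expected values are plain strings, so `assertSame` on the casts would be stricter than `assertEquals` without changing the intent. Both methods are complete within the hunk.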