diff --git a/core/modules/views/src/Plugin/views/HandlerBase.php b/core/modules/views/src/Plugin/views/HandlerBase.php
index 8396c6bbf6..50367058ec 100644
--- a/core/modules/views/src/Plugin/views/HandlerBase.php
+++ b/core/modules/views/src/Plugin/views/HandlerBase.php
@@ -2,6 +2,7 @@
namespace Drupal\views\Plugin\views;
+use Drupal\Component\Render\MarkupInterface;
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\Unicode;
use Drupal\Component\Utility\UrlHelper;
@@ -193,6 +194,9 @@ public function getField($field = NULL) {
* {@inheritdoc}
*/
public function sanitizeValue($value, $type = NULL) {
+ if ($value instanceof MarkupInterface) {
+ return $value;
+ }
switch ($type) {
case 'xss':
$value = Xss::filter($value);
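Review bot: The `instanceof MarkupInterface` early return at the top of sanitizeValue() runs before the switch, so it bypasses every `$type`, including `'url'`. MarkupInterface only marks a string as safe to print as HTML; it does not say the string is a safe URL, so a Markup object passed with `$type = 'url'` would come back without the protocol filtering the test's `'url'` row relies on. Consider narrowing the guard to `if ($value instanceof MarkupInterface && $type !== 'url') {` and adding a comment such as `// Markup is already HTML-safe; escaping it again would double-encode.` The rest of the switch lies outside this hunk, so the behaviour of the url branch is inferred from the test data, not read from the code.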
diff --git a/core/modules/views/tests/src/Unit/Plugin/HandlerBaseTest.php b/core/modules/views/tests/src/Unit/Plugin/HandlerBaseTest.php
index 12b7ca1998..9f77b98bb8 100644
--- a/core/modules/views/tests/src/Unit/Plugin/HandlerBaseTest.php
+++ b/core/modules/views/tests/src/Unit/Plugin/HandlerBaseTest.php
@@ -7,6 +7,8 @@
namespace Drupal\Tests\views\Unit\Plugin;
+use Drupal\Component\Render\MarkupInterface;
+use Drupal\Core\Render\Markup;
use Drupal\Tests\UnitTestCase;
use Drupal\views\Plugin\views\HandlerBase;
@@ -91,6 +93,50 @@ public function testGetEntityTypeForFieldWithRelationship() {
$this->assertEquals('test_other_entity_type', $handler->getEntityType());
}
+ /**
+ * Test the value sanitization.
+ *
+ * @param mixed $value
+ * Value to sanitize.
+ * @param string $expected
+ * Expected string to match the sanitized value.
+ * @param string|null $type
+ * Type of sanitization to use.
+ *
+ * @covers ::sanitizeValue
+ * @dataProvider providerTestSanitizeValue
+ */
+ public function testSanitizeValue($value, $expected, $type = NULL) {
+ $handler = new TestHandler([], 'test_handler', []);
+ $result = $handler->sanitizeValue($value, $type);
+ $this->assertInstanceOf(MarkupInterface::class, $result);
+ $this->assertEquals((string) $expected, (string) $result);
+ }
+
+ /**
+ * Data provider for ::testSanitizeValue().
+ *
+ * @return array
+ * Test data.
+ */
+ public function providerTestSanitizeValue() {
+ return [
+ ['<><"\'', '<><"''],
+ [Markup::create('<><"\''), '<><"\''],
+ ['javascript:localhost:data:http://localhost:80/', 'http://localhost:80/', 'url'],
+ [
+ 'Test',
+ 'Test',
+ 'xss',
+ ],
+ [
+ 'Test',
+ 'Test',
+ 'xss_admin',
+ ],
+ ];
+ }
+
}
/**
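Review bot: providerTestSanitizeValue() passes a Markup object only with the default type, so the new `instanceof` shortcut is never exercised with `'url'`, `'xss'` or `'xss_admin'`. Add a row that wraps the existing URL string in `Markup::create(...)` with type `'url'`, and one with `'xss'`, so the intended result for already-safe markup is pinned down for each type. Separately, the expected value in the first row, `'<><"''`, is not valid PHP as displayed; it has presumably lost its entity encoding in this rendering and should be checked against the committed file.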