diff --git a/core/lib/Drupal/Core/Utility/LinkGenerator.php b/core/lib/Drupal/Core/Utility/LinkGenerator.php
index 78a4af1..128dafd 100644
--- a/core/lib/Drupal/Core/Utility/LinkGenerator.php
+++ b/core/lib/Drupal/Core/Utility/LinkGenerator.php
@@ -125,14 +125,12 @@ public function generate($text, Url $url, $collect_cacheability_metadata = FALSE
// Allow other modules to modify the structure of the link.
$this->moduleHandler->alter('link', $variables);
- // Move attributes out of options. generateFromRoute(() doesn't need them,
- // including a placeholder for the href.
+ // Move attributes out of options since generateFromRoute() doesn't need
+ // them. Include a placeholder for the href.
$attributes = array('href' => '') + $variables['options']['attributes'];
unset($variables['options']['attributes']);
$url->setOptions($variables['options']);
- // The result of the url generator is a plain-text URL. We format it with
- //SafeMarkup::format() because we are using it an HTML argument context.
if (!$collect_cacheability_metadata) {
$url_string = $url->toString($collect_cacheability_metadata);
}
@@ -141,6 +139,8 @@ public function generate($text, Url $url, $collect_cacheability_metadata = FALSE
$url_string = $generated_url->getGeneratedUrl();
$generated_link = GeneratedLink::createFromObject($generated_url);
}
+ // The result of the URL generator is a plain-text URL to use as the href
+ // attribute, and it is escaped by \Drupal\Core\Template\Attribute.
$attributes['href'] = $url_string;
$result = SafeMarkup::format('@text', array('@attributes' => new Attribute($attributes), '@text' => $variables['text']));
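Review bot: The added comment above `$attributes['href'] = $url_string;` says the href is escaped by `\Drupal\Core\Template\Attribute`, but that escaping only prevents breaking out of the attribute and does nothing about the URL scheme. A `javascript:` or `data:` value is still a working href after HTML-escaping, so the comment should say where protocol filtering is expected to have happened. One possible wording is `// Attribute only HTML-escapes the value; dangerous protocols must already have been filtered when the Url was built.` Whether that holds for every kind of Url object is not visible here, so it should be confirmed before being stated as fact. The body of generate() starts and ends outside this hunk.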
diff --git a/core/tests/Drupal/Tests/Core/Utility/LinkGeneratorTest.php b/core/tests/Drupal/Tests/Core/Utility/LinkGeneratorTest.php
index d9130e0..fde662c 100644
--- a/core/tests/Drupal/Tests/Core/Utility/LinkGeneratorTest.php
+++ b/core/tests/Drupal/Tests/Core/Utility/LinkGeneratorTest.php
@@ -364,16 +364,19 @@ public function testGenerateWithHtml() {
),
), $result);
- // Test that safe HTML is output inside the anchor tag unescaped.
+ // Test that safe HTML is output inside the anchor tag unescaped. The
+ // SafeMarkup::set() call is an intentional unit test for the interaction
+ // between SafeMarkup and the LinkGenerator.
$url = new Url('test_route_5', array());
$url->setUrlGenerator($this->urlGenerator);
- $result = $this->linkGenerator->generate(SafeMarkup::checkAdminXss('HTML output'), $url);
+ $result = $this->linkGenerator->generate(SafeMarkup::set('HTML output'), $url);
$this->assertLink(array(
'attributes' => array('href' => '/test-route-5'),
'child' => array(
'tag' => 'em',
),
), $result);
+ $this->assertTrue(strpos($result, 'HTML output') !== FALSE);
}
/**
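Review bot: Only the trusted path is asserted here. The block after `SafeMarkup::set()` shows that marked-safe text reaches the anchor unescaped, but nothing visible in this hunk checks that the same markup passed as a plain string is escaped. The new comment calls this the test of the SafeMarkup and LinkGenerator interaction, so a counterpart is worth adding: call `generate()` with the unmarked string and assert that the raw tag is absent from `$result`. The added `assertTrue(strpos(...) !== FALSE)` would also read better as `$this->assertContains(...)`, which reports the haystack on failure. testGenerateWithHtml() begins above the hunk, so an escaped-path case may already exist there or in a sibling test.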