diff --git a/core/modules/color/color.module b/core/modules/color/color.module
index c664570..2cd7d6c 100644
--- a/core/modules/color/color.module
+++ b/core/modules/color/color.module
@@ -9,6 +9,7 @@
 use Drupal\Component\Utility\Bytes;
 use Drupal\Component\Utility\Environment;
 use Drupal\Component\Utility\SafeMarkup;
+use Drupal\Component\Utility\Xss;
 use Drupal\Core\Cache\Cache;
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Language\LanguageInterface;
@@ -284,7 +285,7 @@ function template_preprocess_color_scheme_form(&$variables) {
   // Attempt to load preview HTML if the theme provides it.
   $preview_html_path = \Drupal::root() . '/' . (isset($info['preview_html']) ? drupal_get_path('theme', $theme) . '/' . $info['preview_html'] : drupal_get_path('module', 'color') . '/preview.html');
-  $variables['html_preview'] = SafeMarkup::checkAdminXss(file_get_contents($preview_html_path));
+  $variables['html_preview'] = Xss::filterAdmin(file_get_contents($preview_html_path));
 }
 /**
diff --git a/core/modules/color/src/Tests/ColorSafePreviewTest.php b/core/modules/color/src/Tests/ColorSafePreviewTest.php
new file mode 100644
index 0000000..5e0935f
--- /dev/null
+++ b/core/modules/color/src/Tests/ColorSafePreviewTest.php
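Review bot: On the changed line `file_get_contents($preview_html_path)` is handed straight to `Xss::filterAdmin()` with no `FALSE` check, so a theme whose `preview_html` entry points at a missing or unreadable file raises a warning and then filters a non-string; splitting the call lets the preprocess degrade cleanly: `$preview_html = file_get_contents($preview_html_path);` / `$variables['html_preview'] = $preview_html === FALSE ? '' : Xss::filterAdmin($preview_html);`. The swap from SafeMarkup::checkAdminXss to Xss::filterAdmin also deserves a why-comment on that line, since the existing comment only says the file is loaded, e.g. `// preview.html is theme-supplied markup rendered unescaped, so it goes through the admin XSS filter rather than being trusted verbatim.`. Whether the filtered string is still treated as safe markup by the color scheme form template depends on Xss::filterAdmin's return handling, which is outside this hunk, so it is worth confirming the preview still renders as HTML rather than as escaped text. template_preprocess_color_scheme_form() begins before the hunk.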
@@ -0,0 +1,65 @@
+bigUser = $this->drupalCreateUser(array('administer themes'));
+ }
+
+ /**
+ * Ensures color preview.html is sanitized.
+ */
+ function testTwigCacheOverride() {
+ $theme_handler = $this->container->get('theme_handler');
+ $theme_handler->install(array('test_color_theme'));
+ $theme_handler->setDefault('test_color_theme');
+
+ // The registry still works on theme globals, so set them here.
+ \Drupal::theme()->setActiveTheme(\Drupal::service('theme.initialization')->getActiveThemeByName('test_color_theme'));
+
+ // Reset the theme registry, so that the new theme is used.
+ $this->container->set('theme.registry', NULL);
+
+ $settings_path = 'admin/appearance/settings/test_color_theme';
+
+ $this->drupalLogin($this->bigUser);
+ $this->drupalGet($settings_path);
+ $this->assertText('TEST COLOR PREVIEW');
+ }
+
+
+}
diff --git a/core/modules/color/tests/themes/test_color_theme/color/color.inc b/core/modules/color/tests/themes/test_color_theme/color/color.inc
new file mode 100644
index 0000000..d71dd18
--- /dev/null
+++ b/core/modules/color/tests/themes/test_color_theme/color/color.inc
@@ -0,0 +1,23 @@
+ array(
+ 'bg' => t('Main background'),
+ 'text' => t('Text color'),
+ ),
+ 'schemes' => array(
+ 'default' => array(
+ 'title' => t('Default'),
+ 'colors' => array(
+ 'bg' => '#ff0000',
+ 'text' => '#0000ff',
+ ),
+ ),
+ ),
+ 'preview_html' => 'color/preview.html',
+);
diff --git a/core/modules/color/tests/themes/test_color_theme/color/preview.html b/core/modules/color/tests/themes/test_color_theme/color/preview.html
new file mode 100644
index 0000000..a0aab0b
--- /dev/null
+++ b/core/modules/color/tests/themes/test_color_theme/color/preview.html
@@ -0,0 +1,7 @@
+
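Review bot: `testTwigCacheOverride()` in ColorSafePreviewTest does not match what its docblock says it checks ("Ensures color preview.html is sanitized") and reads as a name carried over from another test; renaming it, e.g. `function testColorPreviewIsSanitized() {`, keeps the test's purpose discoverable. The body only asserts `$this->assertText('TEST COLOR PREVIEW')`, which shows the theme-provided preview.html was loaded, not that Xss::filterAdmin() removed anything; if the fixture's preview.html carries markup the admin filter is expected to strip (its content is not legible in this diff), an accompanying `$this->assertNoRaw(...)` on that markup would make the test cover the sanitization it is named for. The class declaration and the head of setUp() are lost from the hunk as shown, so the surrounding structure could not be checked.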
+
+

TEST COLOR PREVIEW

+

Sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

+
+
+
diff --git a/core/modules/color/tests/themes/test_color_theme/test_color_theme.info.yml b/core/modules/color/tests/themes/test_color_theme/test_color_theme.info.yml
new file mode 100644
index 0000000..7a77471
--- /dev/null
+++ b/core/modules/color/tests/themes/test_color_theme/test_color_theme.info.yml
@@ -0,0 +1,10 @@
+name: 'Test color theme'
+type: theme
+description: 'Theme for testing the color module'
+version: VERSION
+base theme: classy
+core: 8.x
+regions:
+ content: Content
+ left: Left
+ right: Right