diff -u b/core/lib/Drupal/Component/Utility/SafeMarkup.php b/core/lib/Drupal/Component/Utility/SafeMarkup.php --- b/core/lib/Drupal/Component/Utility/SafeMarkup.php +++ b/core/lib/Drupal/Component/Utility/SafeMarkup.php @@ -153,14 +153,23 @@ } /** - * @todo Document this function. + * Filters field separators. + * + * Strings smaller than 3 characters will not be set as safe. * * @param string $string + * A string. * - * @return SafeMarkup|string + * @return string + * The escaped string, which is marked as safe if greater than 2 characters. */ - public static function filterSeparator($string) { - return twig_drupal_join_filter(array($string)); + public static function filterSeparator($string) {; + if (strlen($string) < 3) { + return ''; + } + $output = SafeMarkup::escape($string); + return SafeMarkup::set($output); + } /** only in patch2: unchanged: --- a/core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php +++ b/core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php @@ -101,4 +101,20 @@ public function testInvalidSetMultiple() { SafeMarkup::setMultiple($texts); } + /** + * Tests SafeMarkup::filterSeparator(). + * + * @covers ::filterSeparator + */ + public function testFilterSeparator() { + $returned = SafeMarkup::filterSeparator('
'); + $this->assertEquals('<br />', $returned, 'Separator string "
" was escaped.'); + $this->assertTrue(SafeMarkup::isSafe($returned), 'Separator string "
" was marked as safe'); + $returned = SafeMarkup::filterSeparator('---'); + $this->assertEquals('---', $returned, 'Separator string "---" was not modified by the filter'); + $this->assertTrue(SafeMarkup::isSafe($returned), 'Separator string "---" was marked as safe'); + $returned = SafeMarkup::filterSeparator('<'); + $this->assertEquals('', $returned, 'Separator string "<" is unsafe and was stripped'); + $this->assertFalse(SafeMarkup::isSafe($returned), 'Separator string "<" was not marked as safe'); + } }