diff --git a/core/modules/editor/src/EditorXssFilter/Standard.php b/core/modules/editor/src/EditorXssFilter/Standard.php
index c746dd3..e79ca19 100644
--- a/core/modules/editor/src/EditorXssFilter/Standard.php
+++ b/core/modules/editor/src/EditorXssFilter/Standard.php
@@ -105,9 +105,9 @@ protected static function filterXssDataAttributes($html) {
$dom = Html::load($html);
$xpath = new \DOMXPath($dom);
foreach ($xpath->query('//@*[starts-with(name(.), "data-")]') as $node) {
- // Decode, filter, encode.
- $value = String::decodeEntities($node->value);
- $value = Xss::filterAdmin($value);
+ // Decode, filter, encode. There is no need to explicitly decode
+ // $node->value, since DOMAttr holds the decoded value.
+ $value = Xss::filterAdmin($node->value);
$node->value = SafeMarkup::checkPlain($value);
}
$html = Html::serialize($dom);
diff --git a/core/modules/editor/tests/src/Unit/EditorXssFilter/StandardTest.php b/core/modules/editor/tests/src/Unit/EditorXssFilter/StandardTest.php
index 07aac20..a379c6f 100644
--- a/core/modules/editor/tests/src/Unit/EditorXssFilter/StandardTest.php
+++ b/core/modules/editor/tests/src/Unit/EditorXssFilter/StandardTest.php
@@ -515,7 +515,7 @@ public function providerTestFilterXss() {
// Test XSS filtering on data-attributes.
// @see \Drupal\editor\EditorXssFilter::filterXssDataAttributes()
$data[] = array('
', '
');
- $data[] = array('
', '
');
+ $data[] = array('
', '
');
$data[] = array('
', '
');
return $data;