diff --git a/core/lib/Drupal/Component/Utility/SafeMarkup.php b/core/lib/Drupal/Component/Utility/SafeMarkup.php
index e7f3c63..4f11c49 100644
--- a/core/lib/Drupal/Component/Utility/SafeMarkup.php
+++ b/core/lib/Drupal/Component/Utility/SafeMarkup.php
@@ -133,7 +133,7 @@ public static function setMultiple(array $safe_strings) {
 foreach ($strategies as $strategy => $value) {
 $string = (string) $string;
 if (is_numeric($value)) {
- static::set($string, $strategy);
+ static::$safeStrings[$string][$strategy] = $value;
 }
 else {
 // Danger - something is very wrong.
@@ -154,7 +154,13 @@ public static function setMultiple(array $safe_strings) {
 * self::set(), it won't be escaped again.
 */
 public static function escape($string) {
- return static::isSafe($string) ? $string : static::checkPlain($string);
+ if (static::isSafe($string)) {
+ static::set($string);
+ return $string;
+ }
+ else {
+ return static::checkPlain($string);
+ }
 }
 /**
@@ -170,7 +176,13 @@ public static function escape($string) {
 * @see \Drupal\Component\Utility\Xss::filterAdmin()
 */
 public static function checkAdminXss($string) {
- return static::isSafe($string) ? $string : Xss::filterAdmin($string);
+ if (static::isSafe($string)) {
+ static::set($string);
+ return $string;
+ }
+ else {
+ return static::set(Xss::filterAdmin($string));
+ }
 }
 /**
diff --git a/core/lib/Drupal/Core/Render/MainContent/HtmlRenderer.php b/core/lib/Drupal/Core/Render/MainContent/HtmlRenderer.php
index e5cdd87..5e5bf00 100644
--- a/core/lib/Drupal/Core/Render/MainContent/HtmlRenderer.php
+++ b/core/lib/Drupal/Core/Render/MainContent/HtmlRenderer.php
@@ -9,6 +9,7 @@
 use Drupal\Component\Plugin\PluginManagerInterface;
 use Drupal\Component\Utility\NestedArray;
+use Drupal\Component\Utility\SafeMarkup;
 use Drupal\Core\Cache\CacheableMetadata;
 use Drupal\Core\Cache\CacheableResponse;
 use Drupal\Core\Cache\CacheContextsManager;
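Review bot: In `escape()` the added `static::set($string);` runs only after `isSafe($string)` has already returned true, so it is either a no-op or, if `set()`'s default strategy differs from the one `isSafe()` matched, it silently widens what the string is trusted for. The same call sits in the safe branch of `checkAdminXss()` in the next hunk. If the re-registration is intentional, give the reason in a comment, e.g. `// Re-register: isSafe() may accept strings that are not yet in $safeStrings.` (wording to be confirmed against `isSafe()`, which this diff does not show); otherwise keep the original ternary. The docblock above `escape()` still describes only the no-double-escape behaviour and should mention the new side effect.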
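Review bot: The else branch of `checkAdminXss()` now returns `static::set(Xss::filterAdmin($string))`, which registers the admin-filtered markup in the static safe list, and the `setMultiple()` hunk shows that list is keyed by string value. Presumably any identical string passed to `escape()` later in the request is then returned unescaped regardless of where it came from, so callers get a side effect the old code did not have. The return value also depends on `set()` handing back its argument, which is not visible here. Document this in the docblock, e.g. `Marks the filtered result as safe for HTML output as a side effect.`, and confirm what `set()` returns.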
@@ -263,7 +264,7 @@ protected function prepare(array $main_content, Request $request, RouteMatchInte
 // Determine the title: use the title provided by the main content if any,
 // otherwise get it from the routing information.
- $title = isset($main_content['#title']) ? $main_content['#title'] : $this->titleResolver->getTitle($request, $route_match->getRouteObject());
+ $title = isset($main_content['#title']) ? SafeMarkup::set($main_content['#title']) : $this->titleResolver->getTitle($request, $route_match->getRouteObject());
 return [$page, $title];
 }
diff --git a/core/modules/filter/src/Tests/FilterAdminTest.php b/core/modules/filter/src/Tests/FilterAdminTest.php
index 1dccd5d..02045bc 100644
--- a/core/modules/filter/src/Tests/FilterAdminTest.php
+++ b/core/modules/filter/src/Tests/FilterAdminTest.php
@@ -372,8 +372,8 @@ function testFilterTipHtmlEscape() {
 // Therefore we test only some parts.
 $link = '' . SafeMarkup::checkPlain(\Drupal::config('system.site')->get('name')) . '';
 $ampersand = '&';
- $link_as_code = '' . $link . '';
- $ampersand_as_code = '' . $ampersand . '';
+ $link_as_code = '' . SafeMarkup::checkPlain($link) . '';
+ $ampersand_as_code = '' . SafeMarkup::checkPlain($ampersand) . '';
 $this->drupalGet('filter/tips');
diff --git a/core/modules/system/src/Tests/Theme/FunctionsTest.php b/core/modules/system/src/Tests/Theme/FunctionsTest.php
index a9a3dae..25721bb 100644
--- a/core/modules/system/src/Tests/Theme/FunctionsTest.php
+++ b/core/modules/system/src/Tests/Theme/FunctionsTest.php
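Review bot: `SafeMarkup::set($main_content['#title'])` in `prepare()` marks whatever the controller put in `#title` as safe without escaping or filtering it, so a title built from user-supplied text can bypass later escaping and be rendered as markup. The title-resolver branch of the same ternary is left unmarked, so the two title sources now behave differently. Filter before trusting, e.g. `SafeMarkup::checkAdminXss($main_content['#title'])`, which per the SafeMarkup.php change in this commit returns already-safe strings unchanged and admin-filters the rest. `prepare()` starts outside the hunk, so whether `#title` is sanitized earlier, or can be a render array rather than a string, cannot be seen here.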
@@ -167,24 +167,7 @@ function testItemList() { $this->assertThemeOutput('item_list', $variables, $expected); } - /** - * Tests links.html.twig. - */ - function testLinks() { - // Turn off the query for the _l() function to compare the active - // link correctly. - $original_query = \Drupal::request()->query->all(); - \Drupal::request()->query->replace(array()); - // Verify that empty variables produce no output. - $variables = array(); - $expected = ''; - $this->assertThemeOutput('links', $variables, $expected, 'Empty %callback generates no output.'); - - $variables = array(); - $variables['heading'] = 'Some title'; - $expected = ''; - $this->assertThemeOutput('links', $variables, $expected, 'Empty %callback with heading generates no output.'); - + protected function getVariables() { // Verify that a list of links is properly rendered. $variables = array(); $variables['attributes'] = array('id' => 'somelinks'); @@ -215,6 +198,26 @@ function testLinks() { ) ), ); + return $variables; + } + + /** + * Tests links.html.twig. + */ + function testLinks() { + // Turn off the query for the _l() function to compare the active + // link correctly. + $original_query = \Drupal::request()->query->all(); + \Drupal::request()->query->replace(array()); + // Verify that empty variables produce no output. + $variables = array(); + $expected = ''; + $this->assertThemeOutput('links', $variables, $expected, 'Empty %callback generates no output.'); + + $variables = array(); + $variables['heading'] = 'Some title'; + $expected = ''; + $this->assertThemeOutput('links', $variables, $expected, 'Empty %callback with heading generates no output.'); $expected_links = ''; $expected_links .= ''; // Verify that passing a string as heading works. + $variables = $this->getVariables(); $variables['heading'] = 'Links heading'; $expected_heading = '

Links heading

'; $expected = $expected_heading . $expected_links; @@ -237,6 +241,8 @@ function testLinks() { \Drupal::request()->query->replace($original_query); // Verify that passing an array as heading works (core support). + + $variables = $this->getVariables(); $variables['heading'] = array( 'text' => 'Links heading', 'level' => 'h3', @@ -247,12 +253,15 @@ function testLinks() { $this->assertThemeOutput('links', $variables, $expected); // Verify that passing attributes for the heading works. + $variables = $this->getVariables(); $variables['heading'] = array('text' => 'Links heading', 'level' => 'h3', 'attributes' => array('id' => 'heading')); $expected_heading = '

Links heading

'; $expected = $expected_heading . $expected_links; $this->assertThemeOutput('links', $variables, $expected); // Verify that passing attributes for the links work. + $variables = $this->getVariables(); + $variables['heading'] = array('text' => 'Links heading', 'level' => 'h3', 'attributes' => array('id' => 'heading')); $variables['links']['plain text']['attributes'] = array( 'class' => array('a/class'), ); @@ -271,7 +280,12 @@ function testLinks() { // Verify the data- attributes for setting the "active" class on links. \Drupal::currentUser()->setAccount(new UserSession(array('uid' => 1))); + $variables = $this->getVariables(); + $variables['heading'] = array('text' => 'Links heading', 'level' => 'h3', 'attributes' => array('id' => 'heading')); $variables['set_active_class'] = TRUE; + $variables['links']['plain text']['attributes'] = array( + 'class' => array('a/class'), + ); $expected_links = ''; $expected_links .= '