diff --git a/core/includes/theme.inc b/core/includes/theme.inc
index ace6a1b..64289f4 100644
--- a/core/includes/theme.inc
+++ b/core/includes/theme.inc
@@ -1082,7 +1082,7 @@ function template_preprocess_item_list(&$variables) {
function template_preprocess_inline_list(&$variables) {
// Since the separator may be user-specified, it must be filtered to permit
// some HTML (such as
) to pass through.
- $variables['separator'] = SafeString::create(Xss::filterAdmin($variables['separator']));
+ $variables['separator'] = SafeString::create(Xss::filter($variables['separator'], ['br']));
}
/**
diff --git a/core/modules/system/src/Tests/Theme/FunctionsTest.php b/core/modules/system/src/Tests/Theme/FunctionsTest.php
index 2910692..4442986 100644
--- a/core/modules/system/src/Tests/Theme/FunctionsTest.php
+++ b/core/modules/system/src/Tests/Theme/FunctionsTest.php
@@ -189,21 +189,21 @@ function testInlineList() {
$expected = 'Rabbit, rabbit, rabbit';
$this->assertThemeOutput('inline_list', $variables, $expected, '%callback does not print empty text when there are list items.');
- // Verify that a non-default separator is rendered
+ // Verify that a non-default separator is rendered.
$variables = array();
$variables['items'] = array('Un', 'Deux', 'Trois');
$variables['separator'] = ' and ';
$expected = 'Un and Deux and Trois';
$this->assertThemeOutput('inline_list', $variables, $expected, '%callback uses a custom separator when provided.');
- // Verify that HTML separators are properly rendered
+ // Verify that HTML separators are properly rendered.
$variables = array();
$variables['items'] = array('Doe', 'Buck', 'Kit');
$variables['separator'] = '
';
$expected = 'Doe
Buck
Kit';
$this->assertThemeOutput('inline_list', $variables, $expected, '%callback allows HTML in user-provided separators.');
- // Verify that the separator is sanitized
+ // Verify that the separator is sanitized.
$variables = array();
$variables['items'] = array('Un', 'Deux', 'Trois');
$variables['separator'] = '';