diff --git a/src/Item/FieldTrait.php b/src/Item/FieldTrait.php
index 727c6ab..e060848 100644
--- a/src/Item/FieldTrait.php
+++ b/src/Item/FieldTrait.php
@@ -8,7 +8,6 @@ namespace Drupal\search_api\Item;
 use Drupal\Component\Render\FormattableMarkup;
-use Drupal\Component\Utility\Html;
 use Drupal\search_api\Entity\Index;
 use Drupal\search_api\IndexInterface;
 use Drupal\search_api\SearchApiException;
@@ -318,7 +317,7 @@ trait FieldTrait {
 if (isset($this->datasourceId)) {
 $this->labelPrefix = $this->datasourceId;
 try {
- $this->labelPrefix = Html::escape($this->getDatasource()->label());
+ $this->labelPrefix = $this->getDatasource()->label();
 }
 catch (SearchApiException $e) {
 watchdog_exception('search_api', $e);
@@ -326,7 +325,7 @@ trait FieldTrait {
 $this->labelPrefix .= ' ยป ';
 }
 }
- return $this->labelPrefix . Html::escape($this->getLabel());
+ return $this->labelPrefix . $this->getLabel();
 }
 /**
diff --git a/src/Processor/FieldsProcessorPluginBase.php b/src/Processor/FieldsProcessorPluginBase.php
index c87e5c0..340a4ab 100644
--- a/src/Processor/FieldsProcessorPluginBase.php
+++ b/src/Processor/FieldsProcessorPluginBase.php
@@ -7,6 +7,7 @@ namespace Drupal\search_api\Processor;
+use Drupal\Component\Utility\Html;
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Render\Element;
 use Drupal\search_api\Item\FieldInterface;
@@ -54,7 +55,7 @@ abstract class FieldsProcessorPluginBase extends ProcessorPluginBase {
 }
 foreach ($fields as $name => $field) {
 if ($this->testType($field->getType())) {
- $field_options[$name] = $field->getPrefixedLabel();
+ $field_options[$name] = Html::escape($field->getPrefixedLabel());
 if (!isset($this->configuration['fields']) && $this->testField($name, $field)) {
 $default_fields[$name] = $name;
 }
diff --git a/src/Tests/IntegrationTest.php b/src/Tests/IntegrationTest.php
index f72e5ff..b6bd6ac 100644
--- a/src/Tests/IntegrationTest.php
+++ b/src/Tests/IntegrationTest.php
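Review bot: With `Html::escape()` removed from both the datasource label assignment in the `try` block and the final `return` (this hunk and the next one at -326), the prefixed label is now returned as plain text, so every caller that prints it into markup has to escape it itself. Only one call site, in FieldsProcessorPluginBase, is updated in this commit; any other callers are outside the diff and should be checked for output paths that do not escape, since the tests in this commit show these labels can carry markup characters. The method's docblock is outside the hunk; I would add a line to its return description such as `The label as plain text, not sanitized; escape it before HTML output.` so the changed contract is visible to callers.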
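Review bot: The `Html::escape()` call added where `$field_options[$name]` is filled carries no comment saying which output it protects, and the place where `$field_options` is rendered is outside the hunk. If that form element ever escapes its option labels itself, this line turns into a double-escaping bug, which is hard to diagnose without the reason written down. I would add above it `// getPrefixedLabel() returns plain text; the option labels are printed as markup, so escape here.`, assuming that is how the options are rendered, which should be confirmed against the form element.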
@@ -140,20 +140,20 @@ class IntegrationTest extends WebTestBase {
 $edit = array('fields[entity:node/field__field_][indexed]' => 1);
 $this->drupalGet($this->getIndexPath('fields'));
 $this->drupalPostForm(NULL, $edit, $this->t('Save changes'));
- $this->checkHtmlEscaping($field_name);
+ $this->assertHtmlEscaped($field_name);
 $edit = array(
 'datasource_configs[entity:node][default]' => 1,
 );
 $this->drupalGet($this->getIndexPath('edit'));
- $this->checkHtmlEscaping($content_type_name);
+ $this->assertHtmlEscaped($content_type_name);
 $this->drupalPostForm(NULL, $edit, $this->t('Save'));
 $edit = array('status[ignore_character]' => 1);
 $this->drupalGet($this->getIndexPath('processors'));
 $this->drupalPostForm(NULL, $edit, $this->t('Save'));
- $this->checkHtmlEscaping($content_type_name);
- $this->checkHtmlEscaping($field_name);
+ $this->assertHtmlEscaped($content_type_name);
+ $this->assertHtmlEscaped($field_name);
 }
 /**
@@ -199,12 +199,12 @@ class IntegrationTest extends WebTestBase {
 $this->assertText($this->t('The server was successfully saved.'));
 $this->assertUrl('admin/config/search/search-api/server/' . $this->serverId, array(), 'Correct redirect to server page.');
- $this->checkHtmlEscaping($server_name);
- $this->checkHtmlEscaping($server_description);
+ $this->assertHtmlEscaped($server_name);
+ $this->assertHtmlEscaped($server_description);
 $this->drupalGet('admin/config/search/search-api');
- $this->checkHtmlEscaping($server_name);
- $this->checkHtmlEscaping($server_description);
+ $this->assertHtmlEscaped($server_name);
+ $this->assertHtmlEscaped($server_description);
 }
 /**
@@ -242,10 +242,10 @@ class IntegrationTest extends WebTestBase {
 $this->assertText($this->t('The index was successfully saved.'));
 $this->assertUrl($this->getIndexPath(), array(), 'Correct redirect to index page.');
- $this->checkHtmlEscaping($index_name);
+ $this->assertHtmlEscaped($index_name);
 $this->drupalGet($this->getIndexPath('edit'));
- $this->checkHtmlEscaping($index_name);
+ $this->assertHtmlEscaped($index_name);
 $this->indexStorage->resetCache(array($this->indexId));
 /** @var $index \Drupal\search_api\IndexInterface */
@@ -276,8 +276,8 @@ class IntegrationTest extends WebTestBase {
 $this->assertUrl($index->urlInfo('fields'), array(), 'Correct redirect to index fields page.');
 $this->drupalGet('admin/config/search/search-api');
- $this->checkHtmlEscaping($index_name);
- $this->checkHtmlEscaping($index_description);
+ $this->assertHtmlEscaped($index_name);
+ $this->assertHtmlEscaped($index_description);
 }
 /**
@@ -739,12 +739,15 @@ class IntegrationTest extends WebTestBase {
 }
 /**
- * Test for how well a string is escaped.
+ * Ensures that all occurrences of the string are properly escaped.
+ *
+ * This makes sure that the string is only mentioned in an escaped version and
+ * is never double escaped.
 *
 * @param string $string
- * The text to check for.
+ * The raw string to check for.
 */
- protected function checkHtmlEscaping($string) {
+ protected function assertHtmlEscaped($string) {
 $this->assertRaw(Html::escape($string));
 $this->assertNoRaw(Html::escape(Html::escape($string)));
 $this->assertNoRaw($string);
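Review bot: The rewritten `@param` text for `assertHtmlEscaped()` does not say that `$string` must contain at least one character that `Html::escape()` changes. For a string without such characters `Html::escape($string)` equals `$string`, so `assertRaw(Html::escape($string))` and `assertNoRaw($string)` cannot both pass, and the helper fails even though the page is correct. I would extend the description to `The raw string to check for. Must contain characters that Html::escape() alters (e.g. < or &).` The method body continues past the end of the hunk.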