diff --git a/core/modules/views/config/schema/views.data_types.schema.yml b/core/modules/views/config/schema/views.data_types.schema.yml
index e69060d..3e1c25b 100644
--- a/core/modules/views/config/schema/views.data_types.schema.yml
+++ b/core/modules/views/config/schema/views.data_types.schema.yml
@@ -27,6 +27,9 @@ views_display:
provider:
type: string
label: 'Provider'
+ dependencies:
+ type: config_dependencies
+ label: 'Dependencies'
exposed_form:
type: mapping
label: 'Exposed form'
@@ -40,6 +43,9 @@ views_display:
provider:
type: string
label: 'Provider'
+ dependencies:
+ type: config_dependencies
+ label: 'Dependencies'
access:
type: mapping
label: 'Access'
@@ -52,6 +58,9 @@ views_display:
provider:
type: string
label: 'Provider'
+ dependencies:
+ type: config_dependencies
+ label: 'Dependencies'
cache:
type: views.cache.[type]
empty:
@@ -99,6 +108,9 @@ views_display:
provider:
type: string
label: 'Provider'
+ dependencies:
+ type: config_dependencies
+ label: 'Dependencies'
row:
type: mapping
label: 'Row'
@@ -111,6 +123,9 @@ views_display:
provider:
type: string
label: 'Provider'
+ dependencies:
+ type: config_dependencies
+ label: 'Dependencies'
query:
type: mapping
label: 'Query'
@@ -123,6 +138,9 @@ views_display:
provider:
type: string
label: 'Provider'
+ dependencies:
+ type: config_dependencies
+ label: 'Dependencies'
defaults:
type: mapping
label: 'Defaults'
@@ -883,3 +901,6 @@ views_cache:
provider:
type: string
label: 'Provider'
+ dependencies:
+ type: config_dependencies
+ label: 'Dependencies'
diff --git a/core/modules/views_ui/src/Tests/XssTest.php b/core/modules/views_ui/src/Tests/XssTest.php
new file mode 100644
index 0000000..36c0069
--- /dev/null
+++ b/core/modules/views_ui/src/Tests/XssTest.php
@@ -0,0 +1,34 @@
+drupalGet('admin/structure/views');
+ $this->assertRaw('<script>alert("foo");</script>, <marquee>test</marquee>', 'The view tag is properly escaped.');
+
+ $this->drupalGet('admin/structure/views/view/sa_contrib_2013_035');
+ $this->assertRaw('<marquee>test</marquee>', 'Field admin label is properly escaped.');
+
+ $this->drupalGet('admin/structure/views/nojs/handler/sa_contrib_2013_035/page_1/header/area');
+ $this->assertRaw('[title] == <marquee>test</marquee>', 'Token label is properly escaped.');
+ $this->assertRaw('[title_1] == <script>alert("XSS")</script>', 'Token label is properly escaped.');
+ }
+
+}
diff --git a/core/modules/views_ui/tests/modules/views_ui_test/config/install/views.view.sa_contrib_2013_035.yml b/core/modules/views_ui/tests/modules/views_ui_test/config/install/views.view.sa_contrib_2013_035.yml
new file mode 100644
index 0000000..5972d15
--- /dev/null
+++ b/core/modules/views_ui/tests/modules/views_ui_test/config/install/views.view.sa_contrib_2013_035.yml
@@ -0,0 +1,215 @@
+uuid: 93005672-5b8a-4a7a-9342-6651552bb753
+langcode: en
+status: true
+dependencies:
+ module:
+ - node
+id: sa_contrib_2013_035
+label: SA_CONTRIB_2013_035
+module: views
+description: ''
+tag: ', '
+base_table: node
+base_field: nid
+core: 8.x
+display:
+ default:
+ display_plugin: default
+ id: default
+ display_title: Master
+ position: 0
+ provider: views
+ display_options:
+ access:
+ type: perm
+ options:
+ perm: 'access content'
+ provider: user
+ dependencies: { }
+ cache:
+ type: none
+ options: { }
+ provider: views
+ dependencies: { }
+ query:
+ type: views_query
+ options:
+ disable_sql_rewrite: false
+ distinct: false
+ replica: false
+ query_comment: false
+ query_tags: { }
+ provider: views
+ dependencies: { }
+ exposed_form:
+ type: basic
+ options:
+ submit_button: Apply
+ reset_button: false
+ reset_button_label: Reset
+ exposed_sorts_label: 'Sort by'
+ expose_sort_order: true
+ sort_asc_label: Asc
+ sort_desc_label: Desc
+ provider: views
+ dependencies: { }
+ pager:
+ type: none
+ options:
+ offset: 0
+ provider: views
+ style:
+ type: default
+ options:
+ grouping: { }
+ row_class: ''
+ default_row_class: true
+ uses_fields: false
+ provider: views
+ dependencies: { }
+ row:
+ type: fields
+ options:
+ inline: { }
+ separator: ''
+ hide_empty: false
+ default_field_elements: true
+ provider: views
+ dependencies: { }
+ fields:
+ title:
+ id: title
+ table: node_field_data
+ field: title
+ relationship: none
+ group_type: group
+ admin_label: ''
+ dependencies:
+ module:
+ - node
+ - node
+ - node
+ label: ''
+ exclude: false
+ alter:
+ alter_text: false
+ text: ''
+ make_link: false
+ path: ''
+ absolute: false
+ external: false
+ replace_spaces: false
+ path_case: none
+ trim_whitespace: false
+ alt: ''
+ rel: ''
+ link_class: ''
+ prefix: ''
+ suffix: ''
+ target: ''
+ nl2br: false
+ max_length: ''
+ word_boundary: false
+ ellipsis: false
+ more_link: false
+ more_link_text: ''
+ more_link_path: ''
+ strip_tags: false
+ trim: false
+ preserve_tags: ''
+ html: false
+ element_type: ''
+ element_class: ''
+ element_label_type: ''
+ element_label_class: ''
+ element_label_colon: false
+ element_wrapper_type: ''
+ element_wrapper_class: ''
+ element_default_classes: true
+ empty: ''
+ hide_empty: false
+ empty_zero: false
+ hide_alter_empty: true
+ link_to_node: true
+ plugin_id: node
+ provider: node
+ title_1:
+ id: title_1
+ table: node_field_data
+ field: title
+ relationship: none
+ group_type: group
+ admin_label: ''
+ dependencies:
+ module:
+ - node
+ label: ''
+ exclude: false
+ alter:
+ alter_text: false
+ text: ''
+ make_link: false
+ path: ''
+ absolute: false
+ external: false
+ replace_spaces: false
+ path_case: none
+ trim_whitespace: false
+ alt: ''
+ rel: ''
+ link_class: ''
+ prefix: ''
+ suffix: ''
+ target: ''
+ nl2br: false
+ max_length: ''
+ word_boundary: true
+ ellipsis: true
+ more_link: false
+ more_link_text: ''
+ more_link_path: ''
+ strip_tags: false
+ trim: false
+ preserve_tags: ''
+ html: false
+ element_type: ''
+ element_class: ''
+ element_label_type: ''
+ element_label_class: ''
+ element_label_colon: false
+ element_wrapper_type: ''
+ element_wrapper_class: ''
+ element_default_classes: true
+ empty: ''
+ hide_empty: false
+ empty_zero: false
+ hide_alter_empty: true
+ link_to_node: true
+ plugin_id: node
+ provider: node
+ filters: { }
+ sorts: { }
+ header:
+ area:
+ id: area
+ table: views
+ field: area
+ plugin_id: text
+ provider: views
+ footer: { }
+ empty: { }
+ relationships: { }
+ arguments: { }
+ field_langcode: '***LANGUAGE_language_content***'
+ field_langcode_add_to_query: null
+ title: ''
+ page_1:
+ display_plugin: page
+ id: page_1
+ display_title: Page
+ position: 2
+ provider: views
+ display_options:
+ field_langcode: '***LANGUAGE_language_content***'
+ field_langcode_add_to_query: null
+ path: foobar