CommentFileSizeAuthor
#86 filter_tips_improperly-2346209-86.patch3.28 KBcburschka
#84 filter_tips_improperly-2346209-83-pure.patch5.06 KBcburschka
#83 filter_tips_improperly-2346209-83-pure.patch5.46 KBcburschka
#73 filter_tips_improperly-2346209-73.patch15.17 KBkeopx
#73 interdiff-filter_tips_improperly-2346209-70-73.txt762 byteskeopx
#70 filter_tips_improperly-2346209-70.patch15.15 KBkeopx
#70 interdiff-filter_tips_improperly-2346209-62-70.txt601 byteskeopx
#68 interdiff-filter_tips_improperly-2346209-62-68.txt588 byteskeopx
#68 filter_tips_improperly-2346209-68.patch15.14 KBkeopx
#66 Before-2346209-66.png290.56 KBkeopx
#66 After-2346209-66.png197.91 KBkeopx
#62 filter_tips_improperly-2346209-62.patch15.11 KBdimaro
#62 interdiff.txt13.58 KBdimaro
#60 interdiff.txt1.52 KBdimaro
#59 interdiff-filter_tips_improperly-2346209-57-59.txt1.11 KBkeopx
#59 filter_tips_improperly-2346209-59.patch4.8 KBkeopx
#57 filter_tips_improperly-2346209-57.patch3.85 KBdimaro
#53 filter_tips_improperly-2346209-53.patch3.85 KBm4olivei
#46 filter_tips_improperly_only_test-2346209-46.patch1.26 KBsubhojit777
#45 filter_tips_improperly-2346209-45.patch3.66 KBsubhojit777
#45 interdiff-2346209-35-45.txt1.91 KBsubhojit777
#35 interdiff-2346209-30-35.txt2.73 KBsubhojit777
#35 filter_tips_improperly-2346209-35.patch2.35 KBsubhojit777
#30 interdiff_26_30.txt1.6 KBZekvyrin
#30 properly_escape_filter_tips-2346209-30.patch2.87 KBZekvyrin
#26 interdiff_18_26.txt2.43 KBZekvyrin
#26 properly_escape_filter_tips-2346209-26.patch2.75 KBZekvyrin
#26 filter-tips-restricted.jpg310.49 KBZekvyrin
#24 Compose tips | Site-Install 2014-10-04 16-51-47.png480.33 KBrealityloop
#24 Compose tips | Site-Install 2014-10-04 16-49-01.png186.37 KBrealityloop
#18 properly_escape_filter_tips-2346209-18.patch2.69 KBZekvyrin
#18 interdiff.txt971 bytesZekvyrin
#16 properly_escape_filter_tips_partial-2346209-16.patch2.64 KBpguillard
#14 properly_escape_filter_tips_partial-2346209-14.patch1.12 KBpguillard
#14 tips-after.png37.02 KBpguillard
#7 tips.png54.72 KBpguillard
#1 Compose tips | Site-Install 2014-09-28 11-01-57.png230.99 KBrealityloop
#1 properly_escape_filter_tips_partial-2346209-1.patch558 bytesrealityloop
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

realityloop’s picture

The attached patch partially fixes the issue however some of the output is still incorrectly excaped, see image for after patch applied

realityloop’s picture

Issue tags: +Amsterdam2014
realityloop’s picture

tagging

realityloop’s picture

pguillard’s picture

Assigned: Unassigned » pguillard
LinL’s picture

Adding parent issue.

pguillard’s picture

FileSize
54.72 KB

This is what we should have, right ?

realityloop’s picture

@pguillard that looks better but I don't know the code tags are required around the character examples.

pguillard’s picture

I also wonder. I'm preparing thé patch

pguillard’s picture

@realityloop : I also wonder. I'm preparing thé patch

Hanno’s picture

the code tags should not be visible as typed tags, but we need them in the html for semantics (a11y)

pguillard’s picture

What do you think of this patch ?
I introduced a private function there for visibility, maybe not a good idea...

pguillard’s picture

Status: Active » Needs review
pguillard’s picture

It seems I forgot to upload that patch

Tips After

Status: Needs review » Needs work

The last submitted patch, 14: properly_escape_filter_tips_partial-2346209-14.patch, failed testing.

pguillard’s picture

Zekvyrin’s picture

Patch #16 is working.

I'm not sure about the function, but I think that htmlentities function should be replaced.
The proper way as written in https://www.drupal.org/node/2311123, would be using #context variables (like option two example).
If not, maybe Drupal8's String::checkPlain is preferred.

Also think the boolean variables name should be different (and I fixed a minor typo in "boolean").

I've uploaded a patch using the function, and I'll try to make one without the function.

Zekvyrin’s picture

Sorry, forgot to upload the patch

organicwire’s picture

Patch #17 is working for me. And, according to #2311123, using the #context array is a good idea.

organicwire’s picture

Status: Needs work » Needs review

Summary
The problem was that on the filter tips page (filter/tips) the permitted html was inproperly escaped. See screenshot Compose tips | Site-Install 2014-09-28 11-01-57.png.

Work being done
#16 fixes this
#18 improved the patch
#19 confirms that the patch works

TODO
We need someone to review the code.

martin_q’s picture

Status: Needs review » Needs work

The code looks OK to me (also a novice in D8) but I note that under option two in #2311123,

If you run into a situation where there are a lot of inline_template render elements, that may be a sign that a conversion to a Twig template should happen at a higher level.

Is this not such a situation?

Anonymous’s picture

I reviewed the code and from #18 and I think its is fine.

Zekvyrin’s picture

Status: Needs work » Needs review

@martin_q: I don't think this applies here, but still I'm not sure.
Because we don't know if this needs work to be done or not for sure, this issue's status should be CNR not CNW.

If someone is sure that in needs to change or not can either change it to CNR or RTBC.

realityloop’s picture

Status: Needs review » Reviewed & tested by the community
Issue tags: -Novice, -Needs issue summary update
FileSize
186.37 KB
480.33 KB

The code looks good and it fixes the problem
Before:

After applying #18:

alexpott’s picture

Status: Reviewed & tested by the community » Needs work

Why

  1. +++ b/core/modules/filter/filter.module
    @@ -462,6 +462,7 @@ function template_preprocess_filter_tips(&$variables) {
    +      $tiplist[$tip_key]['tip'] = Xss::filterAdmin($tiplist[$tip_key]['tip']);
    

    Why do we need to do this?

  2. +++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
    @@ -81,6 +81,25 @@ public function getHTMLRestrictions() {
       /**
    +   * Get inline template to avoid Twig autoescape
    +   * See https://www.drupal.org/node/2311123
    +   * @param string $content
    +   * @param boolean $is_html_code
    +   * @return string
    +   */
    

    The docblock is not done according to our coding standards.

  3. +++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
    @@ -81,6 +81,25 @@ public function getHTMLRestrictions() {
    +  private function getInlineTemplate($content, $is_html_code) {
    

    why is the function private? What is wrong with protected?

  4. +++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
    @@ -144,8 +163,8 @@ public function tips($long = FALSE) {
    +          array('data' => drupal_render($this->getInlineTemplate($tips[$tag][1], TRUE)), 'class' => array('type')),
    +          array('data' => drupal_render($this->getInlineTemplate($tips[$tag][1], FALSE)), 'class' => array('get'))
    
    @@ -175,8 +194,8 @@ public function tips($long = FALSE) {
    +        array('data' => drupal_render($this->getInlineTemplate($entity[1], TRUE)), 'class' => array('type')),
    +        array('data' => drupal_render($this->getInlineTemplate($entity[1], FALSE)), 'class' => array('get'))
    

    No need to call drupal_render() here. It will be called on the table.

Zekvyrin’s picture

Status: Needs work » Needs review
FileSize
310.49 KB
2.75 KB
2.43 KB

@alexpott:

1. If this code is not added, the resulted page will be:

I think I fixed #2-3-4 with this patch.

If it's something more with docblock's coding standards, please tell me and I'll try to fix it.

jibran’s picture

Issue tags: +SafeMarkup
joelpittet’s picture

Assigned: pguillard » Unassigned
Status: Needs review » Needs work

Thanks for the fix @Zekvyrin it looks really good and I like the approach!

  1. +++ b/core/modules/filter/filter.module
    @@ -462,6 +462,7 @@ function template_preprocess_filter_tips(&$variables) {
    +      $tiplist[$tip_key]['tip'] = Xss::filterAdmin($tiplist[$tip_key]['tip']);
    

    We don't need this Xss::filterAdmin with the inline_template because it will be checkPlained by autoescape in the inline template. And it was originally checkPlain and not filterAdmin.

  2. +++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
    @@ -81,6 +81,29 @@ public function getHTMLRestrictions() {
    +  protected function getInlineTemplate($content, $is_html_code) {
    

    This looks like it could be more generic for all of Drupal, what do you think?

  3. +++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
    @@ -81,6 +81,29 @@ public function getHTMLRestrictions() {
    +      '#template' => $is_html_code ? '<code>{{content}}

    ' : $content,

    The content variable needs spaces inside the two curly brackets for coding standards:
    {{content}} should be {{ content }}

aneek’s picture

@Zekvyrin, nice patch. Really like the idea about getInlineTemplate() method. I do agree with @joelpittet, we could make this method work more. Like available to the whole system not just the FilterHtml.php or it's child classes.
Few feedbacks,

+++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
+   * Get inline template to avoid Twig autoescape

1. More detailed description will be nice. About the method, and what it does in more details.

+++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
'#template' => $is_html_code ? '{{content}}' : $content,
+      '#context' => array(
+        'content' => $content,
+      ),

If $is_html_code is FALSE or NULL then $content is printed as is. Then I suppose we don't need to add variables in #context.

Thanks!

Zekvyrin’s picture

I've uploaded a patch fixing coding standards (joelpittet 3rd point) and changing '#context' array (aneek's comment) not to pass context to inline template if not needed.

Patch still needs work for the reasons below:

@joelpittet 1st comment:

Try my patch without this change and you'll see something like the screenshot I got in #26.

Things is that this page contains some sections (one for each text format),
and each section has a unordered list (ul) with one item each filter in this format.
For example in Restricted html there is one list item for:

  • Html & a table with allowed tags
  • Lines and paragraphs are automatically recognized.
  • Web page addresses and email addresses turn into links automatically.

Each item contains html & possibly other templates, which gets escaped when checked plain...

Using this line, we are checking the whole html of each item for possibly xss, and "marking" is safe (so it's not checked plain afterwards). If we let it to be checked plain, we'll get the result like the screenshot I got in #26.

Maybe we need to change the logic somehow (I was thinking that we might need to check every possible filter tip to be a template as an alternative), instead of adding this line, but without it we have all these sections getting double escaped. But we definitely need to do something there...

@aneek: well for the record it wasn't my idea adding a function :P
I just improved a previous patch.

I do agree with both that this function can be more generic and be used elsewhere as well.
But I guess it needs another name and be inserted somewhere else ( I don't know where).

maybe a more generic which allows the developer to choose a tag:
getInlineTemplateforTag($content, $is_html_code, $tag)

where $tag variable holds the string for the tag (for example in our case $tag = "code").

What do you think?

subhojit777’s picture

Status: Needs work » Needs review

Invoking testbot

aneek’s picture

@Zekvyrin, checked with patch #30, page UI output is as expected.

Now, about the new method we are talking about. Before making one, let's think about a bit.

First, what the method will do? I think, this method can create "inline_template" based on the tag and the content we supply via the arguments. So, instead writing the "inline_template" based on the api https://www.drupal.org/node/2311123 we can use this new method to generate "inline_template" dynamically.

Second, if the method is written then what will be it's scope? What will be the possibility that other modules or core or other developers will use this to write "inline_template"? Since writing "inline_template" and generating "inline_template" via calling the method with parameters can take more or less same efforts from a developer. So the main question is will this method become useful to others?

Third, creating this method to generate "inline_template" can have a performance factor as well. In this patch we only see that a simple "code" tag is used. To make this function generic we need to allow others to pass any HTML tags and n numbers of HTML attributes in it. So I can pass <div class="xx" id="yy" attr1="zz"></div> etc. Also some one can pass malicious attributes as well. In that case, we need to check about each tags and attributes for sensitizations. Then only actual "inline_template" can be generated from this method. So what we are doing? We are just using many if-else conditions and some array iterations and a bunch of class declarations like new Attribute(), SafeMarkup::checkAdminXss() etc. Again the same question comes, do we really need this to happen just to generate a page?

But if we see there is a very good chance that this method can be used widely throughout the system then we might have this method.

I'd really like to hear what you think @Zekvyrin & @joelpittet and what others has to say about this.

Thanks!

subhojit777’s picture

Assigned: Unassigned » subhojit777
Status: Needs review » Needs work
Issue tags: +Needs tests

From what @aneek mentioned in #32, I do not think we need a separate function.

+++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
@@ -81,6 +81,34 @@ public function getHTMLRestrictions() {
+    return array(
+      '#type' => 'inline_template',
+      '#template' => $is_html_code ? '<code>{{ content }}

' : $content,
+ '#context' => $context,
+ );

This can be done here

+++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
@@ -144,8 +172,8 @@ public function tips($long = FALSE) {
+          array('data' => $this->getInlineTemplate($tips[$tag][1], TRUE), 'class' => array('type')),
+          array('data' => $this->getInlineTemplate($tips[$tag][1], FALSE), 'class' => array('get'))

Aneek's third comment is very important. It will be an overhead if we want to make the function generic.

subhojit777’s picture

Removed function.

As for $tiplist[$tip_key]['tip'] = Xss::filterAdmin($tiplist[$tip_key]['tip']);, I think we cannot remove this. I am no expert to decide this, but I think this is what is happening - #1825952: Turn on twig autoescape by default is coming into action, it is escaping HTML while rendering, XSS::filterAdmin() makes sure that the string will not be escaped during rendering.

subhojit777’s picture

Status: Needs review » Needs work

Back to needs work for tests

idebr’s picture

+++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
@@ -175,8 +184,17 @@ public function tips($long = FALSE) {
-        array('data' => '&#039; . String::checkPlain($entity[1]) . &#039;', 'class' => array('type')),
-        array('data' => $entity[1], 'class' => array('get'))

I think these 'type' and 'get' classes are missing in the patch as well

joelpittet’s picture

+++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
@@ -144,8 +144,17 @@ public function tips($long = FALSE) {
+          ), 'class' => array('type')),
...
+          ), 'class' => array('get')),

The classes are in there,
though they should be on the next line.

idebr’s picture

@joelpittet Those are the classes indeed, but it's a different code block.

  1. +++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
    @@ -144,8 +144,17 @@ public function tips($long = FALSE) {
    -          array('data' => '&#039; . String::checkPlain($tips[$tag][1]) . &#039;', 'class' => array('type')),
    -          array('data' => $tips[$tag][1], 'class' => array('get'))
    

    This code maintains the type and get class

  2. +++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
    @@ -175,8 +184,17 @@ public function tips($long = FALSE) {
    -        array('data' => '&#039; . String::checkPlain($entity[1]) . &#039;', 'class' => array('type')),
    -        array('data' => $entity[1], 'class' => array('get'))
    

    In this case the class 'type' and 'get' are missing

joelpittet’s picture

Oh I missed that, thanks, those are missing in the second hunk.

jackbravo’s picture

@idebr found this issue which is also being worked at #2388299: Fix markup on filter/tips page..

subhojit777’s picture

Assigned: subhojit777 » Unassigned
Status: Needs work » Needs review
Issue tags: -Needs tests

I think this does not needs tests. This bug can be tested "visually", and since the filter tips is kind of static I guess it does not needs tests. Sorry for the confusion. I am leaving this to committer (and others) whether this bug needs tests.

idebr’s picture

Status: Needs review » Needs work
Issue tags: +Needs tests

@subhojit777 The tests are not strictly necessary for this issue, but think of it as a safeguard so our valued patches are not broken by accident in the future :). For reference, have a look at the meta issue #2297711: Fix HTML escaping due to Twig autoescape to verify the issues that have been fixed before that included a test.

To summarize:
- This issue needs a basic test to ensure markup is properly escaped
- The missing classes I discussed with @joelpittet in #38/#39/#40 still need to be fixed

subhojit777’s picture

Assigned: Unassigned » subhojit777
subhojit777’s picture

Status: Needs work » Needs review
FileSize
1.91 KB
3.66 KB
subhojit777’s picture

Status: Needs review » Needs work

The last submitted patch, 46: filter_tips_improperly_only_test-2346209-46.patch, failed testing.

subhojit777’s picture

Assigned: subhojit777 » Unassigned
Status: Needs work » Needs review

Patch with only tests failing as expected.

m4olivei’s picture

Issue tags: +Needs reroll

Tagging as Needs reroll. No longer applies clean against HEAD. Re-rolling..

keopx’s picture

Assigned: Unassigned » keopx

The last submitted patch, 45: filter_tips_improperly-2346209-45.patch, failed testing.

m4olivei’s picture

Re-roll. This patch applies cleanly at commit 4b1714a. I also spread the array out for code style.

keopx’s picture

Assigned: keopx » Unassigned
pguillard’s picture

I quit this issue a long time ago, I can't tell about the code now, but the result on the filter page seems to be what we need !

Status: Needs review » Needs work

The last submitted patch, 53: filter_tips_improperly-2346209-53.patch, failed testing.

dimaro’s picture

Status: Needs work » Needs review
Issue tags: -Needs reroll +drupaldevdays
FileSize
3.85 KB

Use SafeMarkup instead of String on testFilterTipHtmlEscape to fix the error

joelpittet’s picture

This patch is looking pretty close! Just one question and one little nitpick.

  1. +++ b/core/modules/filter/filter.module
    @@ -469,6 +469,7 @@ function template_preprocess_filter_tips(&$variables) {
    +      $tiplist[$tip_key]['tip'] = Xss::filterAdmin($tiplist[$tip_key]['tip']);
    

    I'm curious if this is still needed?

  2. +++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
    @@ -144,8 +144,23 @@ public function tips($long = FALSE) {
    +              '#context' => array(
    +                'tip' => $tips[$tag][1],
    +              ),
    ...
    +            'class' => array('type'),
    ...
    +            'data' => array(
    ...
    +            ),
    +            'class' => array('get'),
    

    Can probably go short array syntax on the changed hunks.

keopx’s picture

Create new version of patch removing deprecated drupal_render function.

dimaro’s picture

FileSize
1.52 KB

Considering PHP documentation:
"As of PHP 5.4 you can also use the short array syntax, which replaces array() with []."

Can you review this interdiff?
In case you were correct, I apply it to the rest of change and upload the patch?

Thanks.

rteijeiro’s picture

Status: Needs review » Needs work

@dimaro, go ahead. interdiff looks good.

dimaro’s picture

Status: Needs work » Needs review
FileSize
13.58 KB
15.11 KB

Add the changes made in #59.

I used the short array syntax throughout the method because I think we should use only one syntax.

keopx’s picture

Status: Needs review » Reviewed & tested by the community

Looks good.

rteijeiro’s picture

Status: Reviewed & tested by the community » Needs review

@regiguren, could you provide a couple of screenshots, before and after the patch, please?

keopx’s picture

Assigned: Unassigned » keopx
keopx’s picture

Assigned: keopx » Unassigned
Status: Needs review » Reviewed & tested by the community
FileSize
197.91 KB
290.56 KB

Here screenshots

rteijeiro’s picture

Status: Reviewed & tested by the community » Needs work
Issue tags: -Needs tests
+++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
@@ -100,91 +100,117 @@ public function tips($long = FALSE) {
+            'class' => ['description'], 'colspan' => 3

I think this should be correctly formatted and add the missing trailing comma.

'class' => ['description'],
'colspan' => 3,
keopx’s picture

Status: Needs work » Needs review
FileSize
15.14 KB
588 bytes
keopx’s picture

Status: Needs review » Needs work
keopx’s picture

Status: Needs work » Needs review
FileSize
601 bytes
15.15 KB

The last submitted patch, 68: filter_tips_improperly-2346209-68.patch, failed testing.

Status: Needs review » Needs work

The last submitted patch, 70: filter_tips_improperly-2346209-70.patch, failed testing.

keopx’s picture

@rteijeiro thanks for cancel test

keopx’s picture

Status: Needs work » Needs review

Status: Needs review » Needs work

The last submitted patch, 73: filter_tips_improperly-2346209-73.patch, failed testing.

Status: Needs work » Needs review
rteijeiro’s picture

Status: Needs review » Reviewed & tested by the community

Looks RTBC to me!

dimaro’s picture

RTBC++

Status: Reviewed & tested by the community » Needs work

The last submitted patch, 73: filter_tips_improperly-2346209-73.patch, failed testing.

Status: Needs work » Needs review
lauriii’s picture

Status: Needs review » Reviewed & tested by the community

I guess its RTBC again

alexpott’s picture

Status: Reviewed & tested by the community » Needs work

So #59 to #62 converted this to use a short array syntax basically making this issue exceptionally difficult to review. Can someone please reroll this patch to only do what is necessary to fix the bug reported in the issue summary.

cburschka’s picture

Status: Needs work » Needs review
FileSize
5.46 KB

Didn't want to rip it out manually and there isn't a script that reverts the short array syntax... but I was able to do the conversion first, commit it, then 3-merge in the patch, commit it, then cherry-pick the second commit onto the original. Git is awesome. :D

cburschka’s picture

FileSize
5.06 KB

One slipped through. This patch only changes the arrays that are getting changed anyway.

alexpott’s picture

Status: Needs review » Needs work
  1. +++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
    @@ -142,16 +142,33 @@ public function tips($long = FALSE) {
    -        $rows[] = array(
    -          array('data' => $tips[$tag][0], 'class' => array('description')),
    -          array('data' => '' . SafeMarkup::checkPlain($tips[$tag][1]) . '', 'class' => array('type')),
    -          array('data' => $tips[$tag][1], 'class' => array('get'))
    -        );
    +        $rows[] = [
    +          [
    +            'data' => $tips[$tag][0],
    +            'class' => ['description'],
    +          ],
    +          [
    +            'data' => [
    +              '#type' => 'inline_template',
    +              '#template' => '{{ tip }}',
    +              '#context' => ['tip' => $tips[$tag][1]],
    +            ],
    +            'class' => ['type'],
    +          ],
    +          [
    +            'data' => ['#type' => 'inline_template', '#template' => $tips[$tag][1]],
    +            'class' => ['get'],
    +          ],
    +        ];
           }
           else {
    -        $rows[] = array(
    -          array('data' => $this->t('No help provided for tag %tag.', array('%tag' => $tag)), 'class' => array('description'), 'colspan' => 3),
    -        );
    +        $rows[] = [
    +          [
    +            'data' => $this->t('No help provided for tag %tag.', ['%tag' => $tag]),
    +            'class' => ['description'],
    +            'colspan' => 3,
    +          ],
    +        ];
           }
    

    Let's just use SafeMarkup::format('<span class="x">@var</span>', array('@var' => $var)); here instead and then there'll be only one line of difference. See option 4 on https://www.drupal.org/node/2311123

  2. +++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
    @@ -159,7 +176,7 @@ public function tips($long = FALSE) {
    -    $output .= drupal_render($table);
    +    $output .= \Drupal::service('renderer')->render($table);
    
    @@ -173,18 +190,31 @@ public function tips($long = FALSE) {
    -    $output .= drupal_render($table);
    +    $output .= \Drupal::service('renderer')->render($table);
    

    Out of scope change

  3. +++ b/core/modules/filter/src/Plugin/Filter/FilterHtml.php
    @@ -173,18 +190,31 @@ public function tips($long = FALSE) {
    -      $rows[] = array(
    -        array('data' => $entity[0], 'class' => array('description')),
    -        array('data' => '' . SafeMarkup::checkPlain($entity[1]) . '', 'class' => array('type')),
    -        array('data' => $entity[1], 'class' => array('get'))
    -      );
    +      $rows[] = [
    +        ['data' => $entity[0], 'class' => ['description']],
    +        [
    +          'data' => [
    +            '#type' => 'inline_template',
    +            '#template' => '{{ tip }}',
    +            '#context' => ['tip' => $entity[1]],
    +          ],
    +          'class' => ['type'],
    +        ],
    +        [
    +          'data' => [
    +            '#type' => 'inline_template',
    +            '#template' => $entity[1],
    +          ],
    +          'class' => ['get'],
    +        ],
    +      ];
         }
    

    As above.

cburschka’s picture

Status: Needs work » Needs review
FileSize
3.28 KB

This should do it.

keopx’s picture

Status: Needs review » Reviewed & tested by the community

Well done @cburschka

alexpott’s picture

Status: Reviewed & tested by the community » Fixed

This issue is a normal bug fix, and doesn't include any disruptive changes, so it is allowed per https://www.drupal.org/core/beta-changes. Committed 0af6777 and pushed to 8.0.x. Thanks!

  • alexpott committed 0af6777 on 8.0.x
    Issue #2346209 by keopx, Zekvyrin, subhojit777, cburschka, pguillard,...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.