Machine name element leaks to much data to drupalSetting

Oh wow.
Given that

      $function = $element['#machine_name']['exists'];
      if (call_user_func($function, $element['#value'], $element, $form_state)) {

is used I'm wondering whether we should validate whether something is an actual instance? It would not be able to call non static code at the moment, right?

I think we can backport this to D7 as well. Can we add some kind of tests for this? Patch itself doesn't touch JS but I think it'd great if JS maintainer can have a look at it so tagging.

+++ b/core/tests/Drupal/Tests/Core/Render/Element/MachineNameTest.php
@@ -42,4 +46,76 @@ public function providerTestValueCallback() {
+    /** @var \Drupal\Core\Form\FormStateInterface $form_state */
+    // $form_state = $this->prophesize(FormStateInterface::class)->reveal();

Let's drop those 2 lines then? I think its right to use the value object instead of a mock here.

Thank you.

.

Fix looks right.

While this changes what's in drupalSettings, it should be impossible for contrib or custom JavaScript to rely on that, so I think it's fine for 8.0.x.

Tagging performance due to the cache entry bloat.

Committed/pushed to 8.1.x and cherry-picked to 8.0.x, thanks!