Problem/Motivation

Currently the descriptions are being fed through the default XSS filter for security. That works, however it makes the descriptions provided by the module less flexible then the core field descriptions, because core has their own list of allowed tags.

Proposed resolution

Replace XSS references with FieldFilteredMarkup, which is the class the core field descriptions use to filter their markup. This way the module always stays in sync with what core would allow.

CommentFileSizeAuthor
#3 3081655-3.patch3.36 KByogeshmpawar
better_field_descriptions-match-core-field-sanitization.patch3.3 KBjacobbell84

Comments

jacobbell84 created an issue. See original summary.

yogeshmpawar’s picture

yogeshmpawar
He/Him/His
Primary language English
Location Pune(MH), INDIA 🇮🇳
commented

Reviewing the patch

yogeshmpawar’s picture

yogeshmpawar
He/Him/His
Primary language English
Location Pune(MH), INDIA 🇮🇳
commented
StatusFileSize
new 3081655-3.patch3.36 KB

Thanks @jacobbell84 for the patch but your patch failed to apply on 8.x-1.x branch so I have updated the patch as per 8.x-1.x branch.

  • yogeshmpawar committed 66a9bc2 on 8.x-1.x 
    Issue #3081655 by jacobbell84, yogeshmpawar: Use FieldFilteredMarkup...
yogeshmpawar’s picture

yogeshmpawar
He/Him/His
Primary language English
Location Pune(MH), INDIA 🇮🇳
commented
Status: Needs review » Fixed

Committed & Pushed to 8.x-1.x branch.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

jacobbell84’s picture

jacobbell84 commented