Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
There are a number of spelling errors in the dictionary that only exist because they are used in XSS tests or related code:
- ascript
- attributename
- attrlist
- barbaz
- bgsound
- bscript
- ckers
- dynsrc
- ession
- fooÿñ
- harnhammar
- kses
- livescript
- metacharacters
- msgbox
- ncript
- nfocus
- nmedi
- nmouseover
- nosuchscheme
- nosuchtag
- noxss
- onmediaerror
- pression
- propertyname
- ript
- scri
- scrscriptipt
- tascript
- thisval
- unicoded
- vbscript
Proposed resolution
Rename variables where we can, explicitly ignore words that are used for testing in the relevant file only.
Remaining tasks
User interface changes
API changes
Data model changes
Release notes snippet
Comment | File | Size | Author |
---|---|---|---|
#7 | 3162972-7.patch | 10.39 KB | longwave |
Comments
Comment #2
longwaveComment #3
jungleThanks @longwave!
Renamed variable only in
Xss
Rewritten comment only in
Element
.cspell:ignore
added/renaming made to tests inStandardTest
,HtmlEscapedTextTest
andXssTest
All good to me.
Comment #4
catch#2 no longer applies.
Comment #5
jungleThanks @catch!
misrendered
,scriptlet
,wxuczpzdmc
, but not in scope here to remove them.Assuming testing passes, and setting back to RTBC.
Comment #6
jungleUpdating the number in title and the list of removed words in IS.
Comment #7
longwaveRerolled, staying RTBC.
Comment #9
catchCommitted edd570f and pushed to 9.1.x. Thanks!