Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
Currently it's possible to add html to the label of a component (For example
<strong> or a <span>
with a class etc.)
However if validation fails server side and the field name is output into the messages area then the html tags are escaped and display on screen.
Steps to reproduce
Create a new form using the below. (One required element with html in the label)
Via Settings -> Form set
Disable client-side validation and Disable inline form errors
Save.
Submit form without selecting anything.
_strong_title_strong_here:
'#type': checkbox
'#title': '<strong>Title</strong> here'
'#equal_stepwise_validate': 0
'#equal_components': { }
'#compare': 0
'#compare_components': ''
'#compare_components_operator': ''
'#compare_components_custom_error': ''
'#some_of_several': 0
'#some_of_several_components': { }
'#some_of_several_components_completed': ''
'#some_of_several_final_validation': 0
'#required': true
Comment | File | Size | Author |
---|---|---|---|
#13 | 3245019-13.patch | 4.46 KB | jrockowitz |
#8 | 3245019-9.patch | 1.22 KB | jrockowitz |
#4 | webform.webform.issue_3245019.yml | 4.76 KB | jrockowitz |
#4 | 3245019-4.patch | 710 bytes | jrockowitz |
ValidationMessage.png | 6.55 KB | luke.stewart |
Comments
Comment #2
luke.stewart CreditAttribution: luke.stewart at Fuzion commentedComment #3
luke.stewart CreditAttribution: luke.stewart at Fuzion commentedComment #4
jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commentedThe attached webform replicates this issue and the attached patch fixes it.
This issue should also be fixed in 8.x-5.x
Comment #5
jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commentedComment #6
jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commentedSurprisingly, changing an $element['#title'] from a string to Markup could cause some unexpected regression. Let's see if all the tests pass.
I think we might want to limit the allowed tags for the $element['#title'] markup.
Comment #8
jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commentedComment #9
luke.stewart CreditAttribution: luke.stewart at Fuzion commentedCame back to have a go fixing and found the solution!
Tests passing.
Looks great.
I've tested this and confirm fixes behaviour.
Note:
Was wondering if we need to consider custom validation messages - but looks like they were already working - and nice warning about html being stripped for client side validation.
I'm happy to write a test to cover this behaviour if it would be helpful but might need some pointers/suggestions on where it would best fit.
Comment #10
jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commentedTo add test coverage, you would need to
- Add an example to webform.webform.test_element_validate_required.yml
- Add an test with an assertion to WebformElementValidateRequiredTest
- Update comments in WebformElementValidateRequiredTest to distinguish between custom errors and the default errors.
Comment #11
jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commentedComment #12
jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commentedI would like to get this into the next 6.1.x release
Comment #13
jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commentedComment #14
jrockowitz CreditAttribution: jrockowitz as a volunteer and at Webform module Open Collective, The Big Blue House commented