I have entered a <em> in my custom error message and now the user sees the <em> and the text in between is not italic, as it has been check_plain()'ed.

We should only filter with http://api.drupal.org/api/drupal/modules%21field%21field.module/function... or http://api.drupal.org/api/drupal/includes%21common.inc/function/filter_x... to allow a bit more HTML for admins. They should be the only persons who administer the validation rules. We may trust them and allow them to use inline HTML.
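An added example (not code from the original issue or from the module the thread concerns) of how a Drupal 7 validation handler could apply this: the admin-authored message template is passed through field_filter_xss() so inline tags such as <em> survive, while the user-submitted value interpolated into it is still escaped by the @ placeholder of format_string(). The form id, the field name 'myfield' and the $admin_message template are assumptions for illustration; the code assumes a bootstrapped Drupal 7 site.

```php
<?php
/**
 * Added example, not the module's own code. Assumes Drupal 7 is bootstrapped.
 *
 * Validation handler for a hypothetical form containing a field 'myfield'.
 * $admin_message stands for a message template configured by a trusted site
 * administrator (for example in a module settings form); it must never be
 * taken from an ordinary user.
 */
function example_form_validate($form, &$form_state) {
  // Template written by the administrator; may contain inline HTML.
  $admin_message = 'The value <em>@value</em> is not allowed. See <a href="/help">help</a>.';

  $value = $form_state['values']['myfield'];
  if ($value === 'forbidden') {
    // The @ placeholder runs check_plain() on the user-supplied value, so
    // user input cannot inject markup into the message.
    $message = format_string($admin_message, array('@value' => $value));

    // field_filter_xss() keeps the commonly used inline tags (<em>, <strong>,
    // <a>, ...) and strips everything else, e.g. <script> or on* attributes,
    // instead of escaping the whole message as check_plain() would.
    form_set_error('myfield', field_filter_xss($message));
  }
}
```

Passing the message through check_plain() instead would turn the <em> into visible text, which is exactly the symptom described above; filtering only the admin-authored template, with user values escaped separately, keeps the inline markup without trusting user input.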

Comments

g089h515r806

I agree with it.
Which is better, filter_xss_admin or filter_xss?

hass

It depends, but I think http://api.drupal.org/api/drupal/modules!field!field.module/function/field_filter_xss/7 should really cover the most, as it contains nearly all of the typically used inline stuff.

g089h515r806

Status: Active » Fixed

Committed

hass

Title: Filter form error messages with through field_filter_xss() to allow inline HTML » Filter form error messages with field_filter_xss() to allow inline HTML

Thx

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.