Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Creating a new pane with the title 'Hosting Terms & Conditions' results in a pane titled 'Hosting Terms & Conditions'. I would expect it to escape HTML tags, but not entities in the pane titles.
Comments
Comment #1
pcambrauh?
Comment #2
stewart.adam CreditAttribution: stewart.adam commentedOops, sorry - should have previewed before submitting... My HTML entity was automatically converted!
It shows 'Hosting Terms & Conditions'.
Comment #3
pcambraProbably coming from this http://drupalcode.org/project/commerce_extra_panes.git/commitdiff/d59fed...
Comment #4
sirtetSame Problem for me...
@pcambra:
So, do you confirm this is a bug?
I'm not coder enough to see what to change, i just see it's a commit not by you, but committed by you.
It's about XSS in node title, but node-titles can show entities correct, so i guess it's not correctly displayed here?