Problem/Motivation

Changing the administrative name in views ui does not update the active page title and gives the following js error:
TypeError: response.siteName is undefined
core/modules/views_ui/js/ajax.js?v=8.0.0-dev
Line 35

Proposed resolution

Add siteName to the response.

Remaining tasks

User interface changes

API changes

Files: 
CommentFileSizeAuthor
#7 2314443-7.patch559 bytesolli
PASSED: [[SimpleTest]]: [PHP 5.4 MySQL] 75,264 pass(es). View

Comments

olli’s picture

FileSize
1.8 KB
PASSED: [[SimpleTest]]: [PHP 5.4 MySQL] 75,266 pass(es). View

Here's an alternative without a need for site name in the response.

olli’s picture

Issue summary: View changes
olli’s picture

Issue summary: View changes
Issue tags: +JavaScript

I wonder if #1 really makes a better effort to replace the <title> than the original code.

olli’s picture

Issue summary: View changes
dawehner’s picture

Both variants seems to be equivalent problematic if some admin theme changes the way how page titles are generated. Well, in this case the user will just see a not-perfect title.
Nothing horrible.

Comparing the two versions I would prefer the first one, given that it does not include a complex reged in the javascript file, which is always a burden for maintenance.
What do you think, which one is the one you like?

olli’s picture

FileSize
1.56 KB
PASSED: [[SimpleTest]]: [PHP 5.4 MySQL] 75,012 pass(es). View

To get rid of the site name and regex, could we use a simple string replace?

olli’s picture

Issue summary: View changes
Issue tags: -JavaScript
FileSize
559 bytes
PASSED: [[SimpleTest]]: [PHP 5.4 MySQL] 75,264 pass(es). View

One more! Let's leave the js alone and just add the siteName to the response.

The difference between the first and the latest one is whether you want to do this:

+++ b/core/modules/views_ui/src/Form/Ajax/ViewsFormBase.php
@@ -166,7 +166,7 @@ public function getForm(ViewStorageInterface $view, $display_id, $js) {
-        $response->addCommand(new Ajax\ReplaceTitleCommand($form_state['#page_title']));
+        $response->addCommand(new Ajax\ReplaceTitleCommand($form_state['#page_title'], $this->config('system.site')->get('name')));

Pick either one.

dawehner’s picture

Status: Needs review » Reviewed & tested by the community

Even the other one has the better DI, semantically it seems better not having to specify the actual page title as well. So I would be fine with the current version of the patch.

alexpott’s picture

Status: Reviewed & tested by the community » Needs review
+++ b/core/modules/views/src/Ajax/ReplaceTitleCommand.php
@@ -39,7 +39,8 @@ public function __construct($title) {
+      'siteName' => \Drupal::config('system.site')->get('name'),

Shouldn't we be escaping this? I don;t think we can just trust this value.

olli’s picture

We need both the title and siteName without escaping to set the document.title. If we escape the siteName, the regex fails and if we escape the page title, it will get double escaped. This is also how it is in Views 7.x

dawehner’s picture

Did you tried an xss::filter?

olli’s picture

Issue tags: +JavaScript

Re #11: I guess that wouldn't work if my site name is <script>alert(0)</script>.

I don't see why we'd escape or filter the value we use to set document.title in js.

jhedstrom’s picture

Status: Needs review » Needs work

Patch here still applies, but I think is at needs work based on the above.

Version: 8.0.x-dev » 8.1.x-dev

Drupal 8.0.6 was released on April 6 and is the final bugfix release for the Drupal 8.0.x series. Drupal 8.0.x will not receive any further development aside from security fixes. Drupal 8.1.0-rc1 is now available and sites should prepare to update to 8.1.0.

Bug reports should be targeted against the 8.1.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.2.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.1.x-dev » 8.2.x-dev

Drupal 8.1.9 was released on September 7 and is the final bugfix release for the Drupal 8.1.x series. Drupal 8.1.x will not receive any further development aside from security fixes. Drupal 8.2.0-rc1 is now available and sites should prepare to upgrade to 8.2.0.

Bug reports should be targeted against the 8.2.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.3.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.2.x-dev » 8.3.x-dev

Drupal 8.2.6 was released on February 1, 2017 and is the final full bugfix release for the Drupal 8.2.x series. Drupal 8.2.x will not receive any further development aside from critical and security fixes. Sites should prepare to update to 8.3.0 on April 5, 2017. (Drupal 8.3.0-alpha1 is available for testing.)

Bug reports should be targeted against the 8.3.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.4.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.