Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Follow-up to #2571915: Replace remaining !placeholder for field widget stuff
Problem/Motivation
See #2566503: [meta] Replace remaining !placeholder for Non-URL HTML outputs only
ib/Drupal/Core/Form/form.api.php: $message = t("!count items were processed.", array(
lib/Drupal/Core/Form/FormValidator.php: $form_state->setError($elements, $this->t('!name field is required.', array('!name' => $elements['#title'])));
lib/Drupal/Core/Form/FormValidator.php: $form_state->setError($elements, $this->t('!name cannot be longer than %max characters but is currently %length characters long.', array('!name' => empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title'], '$max' => $elements['#maxlength'], '%length' => Unicode::strlen($elements['#value']))));
Proposed resolution
The one remaining question is do translators have a need to add HTML to a date format string?
Remaining tasks
Agree that removing HTML support makes sense.
User interface changes
None
API changes
Date format strings no longer support adding HTML using the \ escape character.
Data model changes
None
Beta phase evaluation
Issue category | Bug because at the moment date formats support HTML but it is escaped |
---|---|
Issue priority | Major because part of the critical to remove !placeholder |
Disruption | Disruptive for existing sites that are adding HTML to date formats. If HTML is required in a formatted date then the site should implement a custom field formatter to do this. |
Comment | File | Size | Author |
---|---|---|---|
#14 | remove_placeholder_in-2571919-14.patch | 958 bytes | legolasbo |
#2 | remove_html_support-2571919-2.patch | 2.57 KB | nevergone |
Comments
Comment #2
nevergone CreditAttribution: nevergone commentedComment #3
pwolanin CreditAttribution: pwolanin as a volunteer and at Acquia commentedIn #2568613: Remove HTML support from date formats and replace remaining !placeholder where format_date() and 'date.formatter' => format() are used ?
At the least, we are saying there that we don't escape HTML:
HTML is not escaped by the date formatter, it must be escaped later.
Comment #4
pwolanin CreditAttribution: pwolanin as a volunteer and at Acquia commentedComment #5
dawehnerMeh.
Are we sure here, because its batch api?
Comment #6
pwolanin CreditAttribution: pwolanin as a volunteer and at Acquia commented@dawehner - I'm not sure what you are questioning. The count will always be an int and @count won't affect it.
Comment #7
dawehnerIts the number this would be never double escaped.
Comment #8
stefan.r CreditAttribution: stefan.r commentedRTBC++, considering #title is always supposed to be wrapped in t()
Comment #9
alexpottAnd you are supposed to make sure batch api JS variables are safe - so this makes sense.
Committed beed345 and pushed to 8.0.x. Thanks!
Comment #12
nevergone CreditAttribution: nevergone commentedAlready committed.
Closed.
Comment #14
legolasboWe missed one in
FormValidator::performRequiredValidation()
.Attached patch adjusts the placeholder.
Comment #15
swentel CreditAttribution: swentel commentedShouldn't this just be @ instead of % ?
Comment #16
heddnInstead of reopening, which messes with commit credit, etc. Can we open a new follow-up issue?
Comment #17
legolasboAs suggested in #16 I created a follow up at #2637458: Remove !placeholder in FormValidator::performRequiredValidation()