Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Follow-up to #2049921: Update the markup in UserMultipleCancelConfirm::buildForm()
Problem/Motivation
$form['comments'] = array(
'#prefix' => '<ul>',
'#suffix' => '</ul>',
'#tree' => TRUE,
);
// array_filter() returns only elements with actual values.
$comment_counter = 0;
$this->comments = $this->commentStorage->loadMultiple(array_keys(array_filter($edit['comments'])));
foreach ($this->comments as $comment) {
$cid = $comment->id();
$form['comments'][$cid] = array(
'#type' => 'hidden',
'#value' => $cid,
'#prefix' => '<li>',
'#suffix' => Html::escape($comment->label()) . '</li>'
);
$comment_counter++;
}
There is no need to use '#prefix'
and '#suffix'
with hidden fields.
Proposed resolution
Update the markup, and move the labels to a new list element.
Remaining tasks
Review.
RTBC.
Commit.
User interface changes
None
API changes
None
Data model changes
None
Comment | File | Size | Author |
---|---|---|---|
#6 | update_the_markup_in-2851849-6.patch | 3.72 KB | jibran |
Comments
Comment #2
jibranHere we go.
Comment #3
tim.plunkettLooks great! Thanks
Comment #4
xjmI feel like I committed this patch already but it was a different one.
The escape should no longer be necessary since it's not in the suffix anymore. Can we test that and remove if so? There could even already be test coverage; try putting XSS in there and see what happens. ;) If that passes then we need a small XSS test also.
Comment #5
yogeshmpawarUpdated patch as per comment #4 & also previous patch failed to apply on 8.4.x branch
Comment #6
jibranFixed #4.
Comment #7
yogeshmpawarAny Update on this issue ?
Comment #8
jibranWe need a review/RTBC here.
Comment #9
LendudeChanges look good and make sense, all feedback from @xjm has been addressed, back to RTBC.
Comment #10
LendudeQuick update of the IS to include the move of the labels.
Comment #11
star-szrComment #14
jibranDon't know what happened there.
Comment #15
xjmHm, is this quite right? We're now adding a visible item list of labels that's not connected to the hidden list of comment IDs as it is in HEAD, but rather a parallel child as a not-hidden list. Sorry if I'm being dense and failing to understand what the weird HEAD code is doing. Can we manually test and show the markup of the form in HEAD and with the patch?
Would these assertions maybe make sense as
assertEscaped()
? https://api.drupal.org/api/drupal/core%21modules%21simpletest%21src%21As...Comment #16
jibranThis got updated in #1986606: Convert the comments administration screen to a view so this can be closed as outdated.