Problem/Motivation

XSS::filter() no longer sets output to be safe markup. It is replaced by SafeMarkup::filterXss().
Change Record: Xss::filter() and Xss::filterAdmin() no longer mark their results as safe, and SafeMarkup::checkAdminXss() will be removed

Proposed resolution

Replace XSS::filter() with SafeMarkup::filterXss() in CollectSettingsFormBase and make head green again.

Remaining tasks

User interface changes

API changes

Data model changes

CommentFileSizeAuthor
#4 replace_task_collect-2532018-4.patch921 bytesgiancarlosotelo
#2 replace_task_collect-2532018-2.patch919 bytesgiancarlosotelo

Comments

giancarlosotelo’s picture

giancarlosotelo commented
Assigned: Unassigned » giancarlosotelo
giancarlosotelo’s picture

giancarlosotelo commented
Status: Active » Needs review
StatusFileSize
new replace_task_collect-2532018-2.patch919 bytes

Here is the patch

mbovan’s picture

mbovan commented
Status: Needs review » Needs work 
+++ b/common/src/Form/CollectSettingsFormBase.php
@@ -8,6 +8,7 @@
 use Drupal\Component\Utility\Xss;

We switched to SafeMarkup, which means Xss class is not used anymore, so we can remove this line.

giancarlosotelo’s picture

giancarlosotelo commented
Status: Needs work » Needs review
StatusFileSize
new replace_task_collect-2532018-4.patch921 bytes

Done

mbovan’s picture

mbovan commented
Status: Needs review » Reviewed & tested by the community

Nice!

P.S. We usually provide an interdiff (diff between latest and previous patch) and name it, in this case, something like: replace_task_collect-2532018-4-interdiff.txt.

miro_dietiker’s picture

miro_dietiker
Location Switzerland
commented
Status: Reviewed & tested by the community » Fixed

Committed, pushed.

The last submitted patch, 2: replace_task_collect-2532018-2.patch, failed testing.

Status: Fixed » Needs work

The last submitted patch, 4: replace_task_collect-2532018-4.patch, failed testing.

miro_dietiker’s picture

miro_dietiker
Location Switzerland
commented
Status: Needs work » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.