Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.On a site I'm working on we noticed html entities in our term names (& instead of & for example) when displaying a hierarchy of terms in a dropdown exposed filter. I managed it trace it back to i18nviews_handler_filter_taxonomy_index_tid.inc, where a call to i18n_taxonomy_term_name($term) was being wrapped in check_plain, so this patch removes that call.
Keeping security in mind, I've taken to look to see if it would open up any XSS vulnerabilities and my general feeling is we should be fine as this is in line with the way that views_handler_filter_term_node_tid handles term names, but if anyone wants to spend some more time researching this it'd be appreciated.
| Comment | File | Size | Author |
|---|---|---|---|
| i18nviews-check_plain.patch | 787 bytes | evanbarter |
