From 3db57c91bbde4262100d6c9f8ce08e4d8d67e81b Mon Sep 17 00:00:00 2001
From: webchick <webchick@24967.no-reply.drupal.org>
Date: Fri, 26 Apr 2013 09:33:39 -0700
Subject: [PATCH] Issue #1978422 by dawehner, linclark, klausi: Fixed REST
 export views preview needs to escape the JSON output.

---
 .../rest/Plugin/views/display/RestExport.php  |  1 +
 .../rest/Tests/Views/StyleSerializerTest.php  | 26 +++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/core/modules/rest/lib/Drupal/rest/Plugin/views/display/RestExport.php b/core/modules/rest/lib/Drupal/rest/Plugin/views/display/RestExport.php
index 7164c475eb99..5ce4a52d0c79 100644
--- a/core/modules/rest/lib/Drupal/rest/Plugin/views/display/RestExport.php
+++ b/core/modules/rest/lib/Drupal/rest/Plugin/views/display/RestExport.php
@@ -216,6 +216,7 @@ class RestExport extends PathPluginBase {
     // Wrap the output in a pre tag if this is for a live preview.
     if (!empty($this->view->live_preview)) {
       $build['#prefix'] = '<pre>';
+      $build['#markup'] = check_plain($build['#markup']);
       $build['#suffix'] = '</pre>';
     }
 
diff --git a/core/modules/rest/lib/Drupal/rest/Tests/Views/StyleSerializerTest.php b/core/modules/rest/lib/Drupal/rest/Tests/Views/StyleSerializerTest.php
index 0a9d5c57d42a..534995545529 100644
--- a/core/modules/rest/lib/Drupal/rest/Tests/Views/StyleSerializerTest.php
+++ b/core/modules/rest/lib/Drupal/rest/Tests/Views/StyleSerializerTest.php
@@ -221,4 +221,30 @@ class StyleSerializerTest extends PluginTestBase {
     }
   }
 
+  /**
+   * Tests the preview output for json output.
+   */
+  public function testPreview() {
+    $view = views_get_view('test_serializer_display_entity');
+    $view->setDisplay('rest_export_1');
+    $this->executeView($view);
+
+    // Get the serializer service.
+    $serializer = $this->container->get('serializer');
+
+    $entities = array();
+    foreach ($view->result as $row) {
+      $entities[] = $row->_entity;
+    }
+
+    $expected = check_plain($serializer->serialize($entities, 'hal_json'));
+
+    $view->display_handler->setContentType('hal_json');
+    $view->live_preview = TRUE;
+
+    $build = $view->preview();
+    $rendered_json = $build['#markup'];
+    $this->assertEqual($rendered_json, $expected, 'Ensure the previewed json is escaped.');
+  }
+
 }