Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2544262 by stefan.r, josephdpurcell, akalata, YesCT, joelpittet: Refactor use of SafeMarkup::set in \Drupal\Core\Render\Element\HtmlTag::preRenderConditionalComments()

8.0.x
Alex Pott 2015-08-12 19:26:50 +01:00
parent f85c0c140d
commit 7c4205aa77
2 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
core/lib/Drupal/Core/Render/Element/HtmlTag.php
View File

@ -8,6 +8,7 @@
namespace Drupal\Core\Render\Element;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Render\SafeString;
use Drupal\Component\Utility\Xss;
use Drupal\Core\Template\Attribute;
@ -183,17 +184,18 @@ class HtmlTag extends RenderElement {
$suffix = Xss::filterAdmin($suffix);
}
// Now calling SafeMarkup::set is safe, because we ensured the
// data coming in was at least admin escaped.
// We ensured above that $expression is either a string we created or is
// admin XSS filtered, and that $prefix and $suffix are also admin XSS
// filtered if they are unsafe. Thus, all these strings are safe.
if (!$browsers['!IE']) {
// "downlevel-hidden".
$element['#prefix'] = SafeMarkup::set("\n<!--[if $expression]>\n" . $prefix);
$element['#suffix'] = SafeMarkup::set($suffix . "<![endif]-->\n");
$element['#prefix'] = SafeString::create("\n<!--[if $expression]>\n" . $prefix);
$element['#suffix'] = SafeString::create($suffix . "<![endif]-->\n");
}
else {
// "downlevel-revealed".
$element['#prefix'] = SafeMarkup::set("\n<!--[if $expression]><!-->\n" . $prefix);
$element['#suffix'] = SafeMarkup::set($suffix . "<!--<![endif]-->\n");
$element['#prefix'] = SafeString::create("\n<!--[if $expression]><!-->\n" . $prefix);
$element['#suffix'] = SafeString::create($suffix . "<!--<![endif]-->\n");
}
return $element;

8
core/tests/Drupal/Tests/Core/Render/Element/HtmlTagTest.php
View File

@ -7,7 +7,7 @@
namespace Drupal\Tests\Core\Render\Element;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Render\SafeString;
use Drupal\Tests\UnitTestCase;
use Drupal\Core\Render\Element\HtmlTag;
@ -87,10 +87,10 @@ class HtmlTagTest extends UnitTestCase {
*/
public function testPreRenderConditionalComments($element, $expected, $set_safe = FALSE) {
if ($set_safe) {
SafeMarkup::set($element['#prefix']);
SafeMarkup::set($element['#suffix']);
$element['#prefix'] = SafeString::create($element['#prefix']);
$element['#suffix'] = SafeString::create($element['#suffix']);
}
$this->assertSame($expected, HtmlTag::preRenderConditionalComments($element));
$this->assertEquals($expected, HtmlTag::preRenderConditionalComments($element));
}
/**