
Review/update $adminTags variable for new HTML elements to be whitelisted


Problem/Motivation

Xss::filterAdmin() currently strips out the picture and source HTML elements that are output by the core Responsive Image module. $adminTags sets the elements that are whitelisted and would need to be updated.

This bug was first found at https://www.drupal.org/node/2687479. Views strips out the picture and source elements when responsive image fields are rewritten. The patch from that issue will be uploaded here to start and demonstrate a fix, which would need to be reviewed.

Steps to reproduce

This is for testing responsive image support (picture):

1. Install Drupal with Umami profile
2. Create new View: Content of type Article, Create a page, Save and edit
3. Switch Format from Content to Fields
4. Add a Media Image field
5. Choose Formatter = Rendered entity and View mode = Responsive 3x2
6. Look at the page
7. Result: See original image for the articles
8. Expected: See responsive image for the articles

Proposed resolution

Review/update $adminTags to include picture and source. It would probably be good to review $adminTags at the same time to see whether any other HTML elements should be whitelisted.

Remaining tasks

  • Review what HTML elements to add
  • New HTML elements to be reviewed for XSS vulnerabilities
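
The script below is an added example, not code from this issue or its patch. It reports which candidate elements the current admin tag list strips and checks that event-handler attributes and `javascript:` URLs are still removed once the elements are allowed. The autoloader path, helper function names and sample markup are assumptions made for the example.

```php
<?php
// Added example; not code from the Drupal issue or its patch.
// Assumption: Drupal's Composer autoloader is at this (hypothetical) path.
require __DIR__ . '/vendor/autoload.php';

use Drupal\Component\Utility\Xss;

// Element names that appear in $html, lowercased and de-duplicated.
function element_names(string $html): array {
  preg_match_all('/<\s*([a-z][a-z0-9]*)/i', $html, $m);
  return array_values(array_unique(array_map('strtolower', $m[1])));
}

// Elements of $html that Xss::filter() removes under the $allowed list.
function stripped_elements(string $html, array $allowed): array {
  $kept = element_names(Xss::filter($html, $allowed));
  return array_values(array_diff(element_names($html), $kept));
}

// Constructed sample of responsive image markup.
$markup = '<picture>'
  . '<source srcset="/img/a-wide.webp 1x" media="(min-width: 800px)" type="image/webp">'
  . '<img src="/img/a.jpg" alt="Example">'
  . '</picture>';

$current = Xss::getAdminTagList();
$candidates = ['picture', 'source'];
$proposed = array_values(array_unique(array_merge($current, $candidates)));

echo 'Candidates not yet allowed: ', implode(', ', array_diff($candidates, $current)), "\n";
echo 'Stripped by current list:   ', implode(', ', stripped_elements($markup, $current)), "\n";
echo 'Stripped by proposed list:  ', implode(', ', stripped_elements($markup, $proposed)), "\n";

// Review check for the new elements (constructed probe): allowing a tag must
// not let event-handler attributes or javascript: URLs through the filter.
$probe = '<picture onclick="x()"><source srcset="javascript:x()" onerror="x()">'
  . '<img src="/img/a.jpg" alt=""></picture>';
$out = Xss::filter($probe, $proposed);
$unsafe = preg_match('/\son[a-z]+\s*=|javascript:/i', $out) === 1;
echo 'Probe output: ', $out, "\n";
echo 'Unsafe attribute survived: ', $unsafe ? 'yes' : 'no', "\n";
```

The same report can be rerun with any other elements under review by extending `$candidates` and the sample markup.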

User interface changes

none

API changes

none

Data model changes

none

