Quantcast
Channel: Issues for Drupal core
Viewing all articles
Browse latest Browse all 295251

Xss::filterAdmin() incorrectly filters time elements

$
0
0

Tested this with 8.0.5, ran into this with Views field rewriting when using a custom Twig function that returns a custom 'Time' element. The Twig function works well enough in a template, but Views has a #post_render closure (in \Drupal\views\Plugin\views\PluginBase::viewsTokenReplace()) that runs it through Xss::filterAdmin() again.

Psy Shell v0.7.2 (PHP 5.6.19 — cli) by Justin Hileman
>>> \Drupal\Component\Utility\Xss::filterAdmin('<time datetime="2016-11-10T00:00:00-08:00">November 10 2016</time>')
=> "<time datetime="00">November 10 2016</time>"

I'm not sure what it's trying to filter out, but this is definitely not desired behavior. Seems like it should either strip the attribute entirely, or leave it untouched instead of altering it.


Viewing all articles
Browse latest Browse all 295251

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>