Clik here to view.
Remove oEmbed security warning
Problem/MotivationAs documented in #3208830: [policy, no patch] Secondary subdomain for viewing oEmbed content is confusing and pointless:When the oEmbed system was added to the core Media module, one...
View ArticleProvide config action to set editor plugin configuration
Problem/MotivationAt the moment there is only 1 config action for editor (actually only for CKEditor5 in its corresponding core module) addItemToToolbar that adds the item to editor toolbar. In case...
View ArticleUndefined array key "#markup" in...
Problem/Motivation A Warning is thrown when the translation is enabled for a config form and one of the form elements key contains the string "title" or "label"Steps to reproduceCreate a custom config...
View ArticleEnsure tests don't run twice
Problem/MotivationReported by @berdir in slack.=Drupal\KernelTests\Core\Plugin\DefaultPluginManagerTest shows up in both kernel test group 3/4 and...
View ArticleURL is not trimmed when there is a space at the end of it
Problem/MotivationI have an entity with a "Link" field. This field is shown in a form with "Link (with attributes)" widget. If I try to create a new entity, or update an existing one, and in this field...
View ArticleToken replace system has no access checking
This issue was discussed by the Drupal Security Team, and their decision was that this can be solved in a public issue.Problem/MotivationThe Drupal token system has an access permissions vulnerability....
View Articleviews.settings config object should not be used to cache list of display...
Problem/MotivationWhen a module has Views plugins, e.g. a display extender, its presence in the system is listed in the views.settings config objects in the "display_extenders" element. When Steps to...
View ArticleAJAX MessageCommand markup and styling differs from Theme default
Problem/MotivationMessageCommand was introduced in #3086096: Add a generic Ajax Message command. It is helpful to show status messages in AJAX contexts. Sadly it uses a totally different "render...
View ArticleThe link of the parent of the image node cannot be saved successfully
Problem/MotivationPremise: "Limit allowed HTML tags and correct faulty HTML" setting is unchecked.For already saved pages, it is not possible to change the link around the image again.Steps to...
View ArticleMultiple composer-related tests break with composer 2.8.1
Problem/MotivationInitially filed details in the wrong place: #3478331-26: Upgrade composer to 2.8.1 for PHP 8.4 - the errors look...
View ArticleOlivero: Avoid localStorage for anonymous user to prevent violation of data...
Problem/MotivationOlivero Theme sets every time the localStorage item Drupal.olivero.stickyHeaderState. Storing data in user's browser (no matter if cookie, localStorage or sessionStorage) requires in...
View ArticleWhen using ExecutionContext::addViolation() with no message parameter you get...
The configuration of custom validation involves the use of the ExecutionContext::addViolation() function. This function takes a message as its first parameter. If the message parameter is left empty...
View ArticleClik here to view.
Custom Error Pages On Admin Routes Display with the Admin Theme
Problem/MotivationSince Drupal 10.1, custom error pages on a admin path (/admin/*) are shown with the admin theme instead of the custom theme / non-admin theme. This is for users that have some level...
View ArticleAdd a path variant system
MotivationA requirement for experience builder outlined in #3484255: Support adding additional routes for view modes other than 'full' is to have alternative canonical routes, where the routes are tied...
View ArticleReplace @inheritdoc annotations with #[\Override]
Problem/MotivationPHP 8.3 introduced the Override attribute which, in general, is a signal to the PHP compiler that a method is intended to override a parent method of the same name or implement an...
View ArticleAdd support for disabling a route for a node-type
Problem/MotivationAKA Entity display route in coreSteps to reproduceProduct managers for Drupal CMS have identified this requirement:The ability to use nodes as micro-content (e.g. reference fields)...
View ArticleDiscuss Hardening Vertical Tabs Against Potential XSS
This issue was discussed by the Drupal Security Team, and their decision was that this can be solved in a public issue.Problem/MotivationWhile the current behavior of vertical tabs is "working as...
View ArticleDisabled update module shouldn't produce a status report warning
On the status report, if you have uninstalled the Update module you will get a big scary warning:Update notifications are not enabled. It is highly recommended that you enable the Update Manager...
View ArticleFix reference to hook_library_info_build
Problem/Motivationcore/lib/Drupal/Core/Hook/Attribute/Hook.php There is a comment that references hook_library_build_info it should be hook_library_info_buildSteps to reproduceN/AProposed...
View Article