Last active
August 17, 2018 14:15
Linkit: more specific label sanitization
| diff --git a/src/Plugin/Linkit/Matcher/EntityMatcher.php b/src/Plugin/Linkit/Matcher/EntityMatcher.php | |
| index a8a85c8..be57dfa 100644 | |
| --- a/src/Plugin/Linkit/Matcher/EntityMatcher.php | |
| +++ b/src/Plugin/Linkit/Matcher/EntityMatcher.php | |
| @@ -3,6 +3,7 @@ | |
| namespace Drupal\linkit\Plugin\Linkit\Matcher; | |
| use Drupal\Component\Utility\Html; | |
| +use Drupal\Component\Utility\Xss; | |
| use Drupal\Core\Config\Entity\ConfigEntityTypeInterface; | |
| use Drupal\Core\Database\Connection; | |
| use Drupal\Core\Entity\EntityInterface; | |
| @@ -406,7 +407,7 @@ class EntityMatcher extends ConfigurableMatcherBase { | |
| * The label for this entity. | |
| */ | |
| protected function buildLabel(EntityInterface $entity) { | |
| - return Html::escape($entity->label()); | |
| + return Xss::filter($entity->label()); | |
| } | |
| /** |
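Review bot: `Xss::filter()` called with a single argument keeps Drupal's default allowed tags (`a`, `em`, `strong`, `code`, the list tags and a few others), so on the `+` line of `buildLabel()` an entity label that contains such markup is now returned as live HTML instead of escaped text. Script and event-handler injection are still filtered, but anyone who can edit an entity title can put links or formatting into the suggestion list, and the value is only safe if every consumer renders it as HTML and never escapes or concatenates it again. If the aim is presumably just to stop entities such as `&amp;` being double-encoded, consider stripping all tags with `return Xss::filter($entity->label(), []);`. The docblock should also say that the return value is filtered HTML rather than plain text; it begins above the hunk, so its full wording is not visible here.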