Plugin Metadata Translation and Sanitization

Created on 12 March 2013, about 12 years ago
Updated 26 June 2023, almost 2 years ago

It is unclear to me at this point exactly how we need to be approaching this topic as a whole. Currently the only example I know of is Drupal\block\Tests\BlockTitleXSSTest::testXSSInTitle(), which is utilizing the Drupal\block_test\Plugin\block\block\TestXSSTitleBlock class as a platform to provide XSS injection for the block labels. This is puzzling on a number of levels for me because these label-type elements should be getting passed through the @Translation class, not be standalone, and if we need sanitization wrapped around that, then we probably need some additional configuration+hook that exists within the plugin manager to specify what metadata elements get additional handling and how.

I don't have any real answers here, but would like to discuss it some. What's the general consensus on this topic?

Eclipse

🐛 Bug report
Status: Closed: outdated
Version: 9.5
Component: Plugin
Last updated about 3 hours ago
Created by: 🇺🇸 United States eclipsegc
