- πΊπΈUnited States smustgrave
If still a valid bug please reopen updating issue summary with steps to reproduce, proposed solution, etc
Thanks!
It is unclear to me at this point exactly how we need to be approaching this topic as a whole. Currently the only example I know of Drupal\block\Tests\BlockTitleXSSTest::testXSSInTitle() which is utilizing the Drupal\block_test\Plugin\block\block\TestXSSTitleBlock class as a platform to provide XSS injection for the block labels. This is puzzling on a number of levels for me because these label type elements should be getting passed through the @Translation class, not be stand alone, and if we need sanitization wrapped around that, then we probably need some additional configuration+hook that exists within the plugin manager to specify what metadata elements get additional handling and how.
I don't have any real answers here, but would like to discuss it some. What's the general consensus on this topic?
Eclipse
Closed: outdated
9.5
Last updated
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
If still a valid bug please reopen updating issue summary with steps to reproduce, proposed solution, etc
Thanks!