Plugin Metadata Translation and Sanitization

Created on 12 March 2013, over 11 years ago
Updated 26 June 2023, 12 months ago

It is unclear to me at this point exactly how we need to be approaching this topic as a whole. Currently the only example I know of is Drupal\block\Tests\BlockTitleXSSTest::testXSSInTitle(), which is utilizing the Drupal\block_test\Plugin\block\block\TestXSSTitleBlock class as a platform to provide XSS injection for the block labels. This is puzzling on a number of levels for me because these label-type elements should be getting passed through the @Translation class, not be standalone, and if we need sanitization wrapped around that, then we probably need some additional configuration+hook that exists within the plugin manager to specify what metadata elements get additional handling and how.

I don't have any real answers here, but would like to discuss it some. What's the general consensus on this topic?

Eclipse

🐛 Bug report
Status

Closed: outdated

Version

9.5

Component
Plugin

Last updated about 17 hours ago

Created by

🇺🇸 United States EclipseGc


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.
