Plugin Metadata Translation and Sanitization

Created on 12 March 2013, over 11 years ago

Updated 26 June 2023, 12 months ago

It is unclear to me at this point exactly how we need to be approaching this topic as a whole. Currently the only example I know of Drupal\block\Tests\BlockTitleXSSTest::testXSSInTitle() which is utilizing the Drupal\block_test\Plugin\block\block\TestXSSTitleBlock class as a platform to provide XSS injection for the block labels. This is puzzling on a number of levels for me because these label type elements should be getting passed through the @Translation class, not be stand alone, and if we need sanitization wrapped around that, then we probably need some additional configuration+hook that exists within the plugin manager to specify what metadata elements get additional handling and how.

I don't have any real answers here, but would like to discuss it some. What's the general consensus on this topic?

Eclipse

🐛 Bug report

Status

Closed: outdated

Version

9.5

Component

Plugin →

Last updated about 17 hours ago

Maintained by
🇺🇸United States @EclipseGc
🇺🇸United States @effulgentsia
🇺🇸United States @tim.plunkett

Created by

🇺🇸United States EclipseGc

Live updates comments and jobs are added and updated live.

Bug Smash Initiative

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment 12 months ago →
🇺🇸United States smustgrave
If still a valid bug please reopen updating issue summary with steps to reproduce, proposed solution, etc

Thanks!

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024