- First commit to issue fork.
- last update
over 1 year ago 83 pass - last update
over 1 year ago 82 pass, 1 fail - 🇳🇿New Zealand ericgsmith
I would like to propose an alternative suggestion based on the work in #3355004 which I will close as a duplicate issue.
Rather than removing escaping from the matcher plugin, we can handle the HTML clientside when inserting the value into the title field. This keeps the output from module correctly escaped. I believe it should be the responsibility of the thing using this data to correctly handle the escaped HTML.
No interdiff attached as this is an alternative approach.
The last submitted patch, 24: linkit-issue-linking-to-ampersands-2981543-24-test-only.patch, failed testing. View results →
- codesniffer_fixes.patch Interdiff of automated coding standards fixes only.- 🇳🇱Netherlands idebr
I believe it should be the responsibility of the thing using this data to correctly handle the escaped HTML.
Typically the output layer does the escaping to prevent duplicate escaping. For reference see #2297711: Fix HTML escaping due to Twig autoescape →
- last update
over 1 year ago 83 pass - 🇨🇭Switzerland idflood
I wasn't able to apply patch in #24 to the current 6.0.0 so here is a reroll.
- 🇳🇿New Zealand ericgsmith
#27 - apologies I missed your reply.
RE:
Typically the output layer does the escaping to prevent duplicate escaping. For reference see #2297711: Fix HTML escaping due to Twig autoescape
I agree with this - Drupal is still an output layer via the endpoint - and my suggestion is to keep the Drupal application escaping at the output layer.
I believe this is similar to how core handles autocompletes - e.g for a standard entity autocomplete the html is escaped by Drupal so that the JS just renders what it receives https://git.drupalcode.org/project/drupal/-/blob/11.x/core/misc/autocomp...
The difference here is after rendering we are wanting to take something that is HTML back into a plain text context - which I believe we can do by getting the text content of the html element instead of removing any escaping from the backend.
- 🇮🇳India NivethaSubramaniyan
I applied the patch in drupal 10.1.0 instance with linkit 6.1.0.
After applying the patch, it seems to be working fine . I have attached screenshots for the reference. - Status changed to RTBC
over 1 year ago 7:15pm 25 August 2023 - 🇺🇸United States mark_fullmer Tucson
The difference here is after rendering we are wanting to take something that is HTML back into a plain text context - which I believe we can do by getting the text content of the html element instead of removing any escaping from the backend.
This rationale makes sense to me, and the resolution is significantly more comprehensible than the approach of removing escaping from the matcher.
I'll proceed to merge this into both the 6.0.x branch (compatible with Drupal 9.x through 10.0.x) and the 6.1.x (compatible with Drupal 10.1.x+).
-
mark_fullmer →
committed 362de9af on 6.0.x
Issue #2981543 by idebr, idflood, ericgsmith, zero2one, mark_fullmer:...
-
mark_fullmer →
committed 362de9af on 6.0.x
-
mark_fullmer →
committed 2e81e22f on 6.1.x
Issue #2981543 by idebr, idflood, ericgsmith, zero2one, mark_fullmer:...
-
mark_fullmer →
committed 2e81e22f on 6.1.x
- Status changed to Fixed
over 1 year ago 7:17pm 25 August 2023 Automatically closed - issue fixed for 2 weeks with no activity.