- 🇬🇧United Kingdom catch
Yes I think #2015313: Missing filters result in Exception when the format is used → was even an improvement over a previous issue that did what this suggests. Closing as outdated.
Originally, from
#560740-7: "Escape all HTML" filter does not escape any HTML →
Then we thought
#2348925: Uninstalling a filter plugin removes text formats →
fixed this.
But, we still need to resolve the behaviour in the following case:
1. A text format is configured to use a plugin
2. The plugin disappears.
There are now many less instances where a plugin can disappear, but not quite all of them:
1. The plugin could be removed or renamed in a contrib module with no upgrade path
2. The contrib module is removed from the system entirely without running uninstall
Neither of those cases are 'allowed', but is worth warning people about it. Even in these unsupported edge cases, Drupal should remain safe.
In either of those cases, when trying to run a text format, it should cause both an error and refuse to render the string.
Throw any kind of fatal error due to the class not existing or similar - as long as we don't fail completely silently as if nothing happened. - Simple. And puts the burden on those doing the crazy things: modules changing filters without upgrade path or developers removing code without letting Drupal know.
This is allowed in the beta because it is a major bug dealing with a priority change: security and the impact is greater than the disruption.
#560740-7: "Escape all HTML" filter does not escape any HTML →
First pass.
Not sufficient.
Closed: outdated
11.0 🔥
It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Yes I think #2015313: Missing filters result in Exception when the format is used → was even an improvement over a previous issue that did what this suggests. Closing as outdated.