Module and theme names are not filtered on output.

The Needs Review Queue Bot → tested this issue. It either no longer applies to Drupal core, or fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

Apart from a re-roll or rebase, this issue may need more work to address feedback in the issue or MR comments. To progress an issue, incorporate this feedback as part of the process of updating the issue. This helps other contributors to know what is outstanding.

Consult the Drupal Contributor Guide → to find step-by-step guides for working with issues.

Attached patch against Drupal 10.1.x

Patch #46 is not applied for Drupal 10 so Inter-diff file is not added.

Checking patch core/modules/system/src/Form/ModulesListForm.php...
Hunk #1 succeeded at 21 (offset 1 line).
Hunk #2 succeeded at 143 (offset 3 lines).
Hunk #3 succeeded at 208 (offset 8 lines).
error: while searching for:
$row['#requires'] = [];
$row['#required_by'] = [];

$row['name']['#markup'] = $module->info['name'];
$row['description']['#markup'] = $this->t($module->info['description']);
$row['version']['#markup'] = $module->info['version'];

// Generate link for module's help page. Assume that if a hook_help()
// implementation exists then the module provides an overview page, rather

error: patch failed: core/modules/system/src/Form/ModulesListForm.php:247
error: core/modules/system/src/Form/ModulesListForm.php: patch does not apply
Checking patch core/modules/system/system.admin.inc...

Came from http://www.madirish.net/555

Re-Rolled patch from #46 against 11.x head.

The Needs Review Queue Bot → tested this issue.

While you are making the above changes, we recommend that you convert this patch to a merge request → . Merge requests are preferred over patches. Be sure to hide the old patch files as well. (Converting an issue to a merge request without other contributions to the issue will not receive credit.)

Addressed the test failures & pipeline passed

Please review , moved NR

Thanks for continuing to work on this. Will need a test case showing the issue.

Added test case .

Please review , moved NR

Have not reviewed yet but issue summary appears to be incomplete could that be updated please

Can use https://www.drupal.org/docs/develop/issues/fields-and-other-parts-of-an-... → . for help if needed.

Hiding all patches for clarity

Ran test-only feature which gve

1) Drupal\Tests\system\FunctionalJavascript\PageXssVulnerabilityTest::testPageLoadWithoutXss
WebDriver\Exception\UnexpectedAlertOpen: unexpected alert open: {Alert text : evil desc}
  (Session info: headless chrome=106.0.5249.103)
  (Driver info: chromedriver=106.0.5249.61 (511755355844955cd3e264779baf0dd38212a4d0-refs/branch-heads/5249@{#569}),platform=Linux 5.4.266-178.365.amzn2.x86_64 x86_64)
/builds/issue/drupal-637538/vendor/lullabot/php-webdriver/lib/WebDriver/Exception.php:198
/builds/issue/drupal-637538/vendor/lullabot/php-webdriver/lib/WebDriver/AbstractWebDriver.php:216
/builds/issue/drupal-637538/vendor/lullabot/php-webdriver/lib/WebDriver/AbstractWebDriver.php:287
/builds/issue/drupal-637538/vendor/lullabot/php-webdriver/lib/WebDriver/Container.php:231
/builds/issue/drupal-637538/vendor/lullabot/php-webdriver/lib/WebDriver/Session.php:579
/builds/issue/drupal-637538/vendor/lullabot/mink-selenium2-driver/src/Selenium2Driver.php:541
/builds/issue/drupal-637538/core/tests/Drupal/Tests/DocumentElement.php:41
/builds/issue/drupal-637538/core/tests/Drupal/Tests/UiHelperTrait.php:261
/builds/issue/drupal-637538/core/modules/system/tests/src/FunctionalJavascript/PageXssVulnerabilityTest.php:44
ERRORS!
Tests: 1, Assertions: 6, Errors: 1.

Removing that tag

Left some comments on the MR

Addressed the mentioned feedbacks & rebased the MR

Please review, move NR.

I couldn't find a better place for this test so think it's own file should be fine.

Rebased the MR with latest code, seems working fine

Added some comments to the MR.

Applied the mentioned suggestions.

Please review, moving NR

Believe feedback has been addressed

Added some more review comments to address.

Applied mentioned suggestion to the MR.

Please review, moving NR

Applied the mentioned suggestion & left some comments for some feedbacks.

The Needs Review Queue Bot → tested this issue. It fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.

Consult the Drupal Contributor Guide → to find step-by-step guides for working with issues.

Rebased MR with latest code & applied the left suggestion as well.

Please review, moving NR.

The Needs Review Queue Bot → tested this issue. It fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".

This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.

Consult the Drupal Contributor Guide → to find step-by-step guides for working with issues.

Addressed test failures & pipeline passed successfully.

Please review, moving NR.

@all
I have reviewed MR !7436. It's looks good.
Moving to RTBC.
Thank you!!

To maintain consistency some minor change done

Please review, moving NR

Re-viewed the changes in the recent MR, Looks good.

Moving to RTBC+1

Only Rebased the MR with latest code, keeping it to the prev RTBC status

Committed and pushed 4c82b7eaac to 11.x and 80833d6441 to 11.0.x and 62fb919925 to 10.4.x and 9a57269327 to 10.3.x. Thanks!

Automatically closed - issue fixed for 2 weeks with no activity.