#Needs backport to D7

Thank you for creating this issue to improve Drupal.

We are working to decide if this task is still relevant to a currently supported version of Drupal. There hasn't been any discussion here for over 8 years which suggests that this has either been implemented or is no longer relevant. Your thoughts on this will allow a decision to be made.

Since we need more information to move forward with this issue, the status is now Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.

Thanks!

Escalating to the framework managers since Filter doesn't have a subsystem maintainer.

Thank you for sharing your idea for improving Drupal.

We are working to decide if this proposal meets the Criteria for evaluating proposed changes. There hasn't been any discussion here for over 8 years which suggests that this has either been implemented or there is no community support. Your thoughts on this will allow a decision to be made.

Since we need more information to move forward with this issue, the status is now Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.

Thanks!

The proposed resolution only states the vague goal to "Provide feedback..." about unsecure tags. If implemented this feedback would only be provided when the format is saved. So on multi-admin sites only one person gets that feedback and only after saving the filter's form. What about the rest of the time, for instance when a format is imported from configuration? I don't see any discussion about when or where the feedback should be displayed. If this information is important for the site's security then shouldn't we display it every time the format is viewed or on the site status report? I'm tagging the issue for subsystem maintainer review to get comments on this.

Anyone following this issue: 📌 Remove $authorized param to UpdateMailTest::testUpdateEmail() Active is now ready for review if anyone is willing to give it a look. Thanks!

Per Slack chat with @xjm, postponing this bug fix on 📌 Remove $authorized param to UpdateMailTest::testUpdateEmail() Active , which I've re-scoped into fixing UpdateMailTest before we try to expand it here.

Okay, did some more sleuthing, and decided that 2 of the existing cases in this test are totally bogus, as is 1 of the new ones we added:

• _update_cron_notify() is the only place sends the 'status_notify' email.
• It returns early if there are no values in the $params array.
• It therefore seems pointless to unit test our hook_mail() implementation without parameters.

Removed all 3 cases, and the related @todo comments from my attempt to document everything.

Apologies for the possible scope creep. Perhaps we should postpone this on a new follow-up just to fix all the brokenness in this test, then circle back to fix the bug and expand the test. But it seemed more prudent to fix them all in 1 shot.

With the draft CR done, all MR threads resolved, and a green pipeline, this is ready for review again. 😅

Initial CR: https://www.drupal.org/node/3538659 →

This is getting close. Pushed a few commits to resolve a few more of the open threads. Down to 1 (the request for inline comments describing each case in UpdateMailTest::providerTestUpdateEmail()).

Also, opened 📌 Remove $authorized param to UpdateMailTest::testUpdateEmail() Active which I noticed while reviewing this. That's totally out of scope here, but should happen.