From 71b44b00748201ce55c5d2ae3fdaf22caa875ee9 Mon Sep 17 00:00:00 2001 From: Daniel Korte Date: Mon, 8 Jul 2019 18:01:12 -0500 Subject: [PATCH 1/4] Clean up module --- html_title.info.yml | 3 ++- html_title.links.menu.yml | 4 ++-- html_title.routing.yml | 2 +- src/Form/HtmlTitleSettingConfigForm.php | 4 ++-- src/HtmlTitleFilter.php | 4 ++-- 5 files changed, 9 insertions(+), 8 deletions(-) diff --git a/html_title.info.yml b/html_title.info.yml index 742b011..0a868a0 100644 --- a/html_title.info.yml +++ b/html_title.info.yml @@ -1,4 +1,5 @@ -name: 'Html title' +name: 'HTML title' description: 'Enables limited HTML markup in node titles.' core: 8.x type: module +configure: html_title.setting diff --git a/html_title.links.menu.yml b/html_title.links.menu.yml index 035a3fa..f5a42d4 100644 --- a/html_title.links.menu.yml +++ b/html_title.links.menu.yml @@ -1,6 +1,6 @@ html_title.setting: - title: Html title - description: 'Manage your site''s Html title settings.' + title: HTML title + description: 'Manage your site''s HTML title settings.' parent: system.admin_config_ui route_name: html_title.setting weight: 1 diff --git a/html_title.routing.yml b/html_title.routing.yml index 01d9987..55d0e49 100644 --- a/html_title.routing.yml +++ b/html_title.routing.yml @@ -2,6 +2,6 @@ html_title.setting: path: '/admin/config/user-interface/html_title' defaults: _form: '\Drupal\html_title\Form\HtmlTitleSettingConfigForm' - _title: 'Html title settings' + _title: 'HTML title settings' requirements: _permission: 'administer actions' diff --git a/src/Form/HtmlTitleSettingConfigForm.php b/src/Form/HtmlTitleSettingConfigForm.php index 3c2d3d5..ab4b959 100644 --- a/src/Form/HtmlTitleSettingConfigForm.php +++ b/src/Form/HtmlTitleSettingConfigForm.php @@ -12,7 +12,7 @@ */ class HtmlTitleSettingConfigForm extends ConfigFormBase { - protected static $allowHtmlTags = ['', '']; + protected static $allowHtmlTags = ['
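Review bot: The `html_title.setting` route in html_title.routing.yml is still gated by `_permission: 'administer actions'`, a permission unrelated to this module, while the form behind it sets which HTML tags are allowed in node titles. That setting appears to feed the tag list later passed to `Xss::filter()`, so the route deserves a permission of the module's own, declared in `html_title.permissions.yml` with `restrict access: true`, for example `_permission: 'administer html title'` (the name is only an illustration). The `configure: html_title.setting` line added to html_title.info.yml in this patch makes the form easier to reach, which is a good reason to tighten it now.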
', '', '']; /** * {@inheritdoc} @@ -36,7 +36,7 @@ public function buildForm(array $form, FormStateInterface $form_state) { $form['allow_html_tags'] = [ '#type' => 'textfield', - '#title' => $this->t('Allow html tags'), + '#title' => $this->t('Allowed HTML tags'), '#maxlength' => 64, '#size' => 64, '#default_value' => $config->get('allow_html_tags'), diff --git a/src/HtmlTitleFilter.php b/src/HtmlTitleFilter.php index 0c2babd..9aa73cc 100644 --- a/src/HtmlTitleFilter.php +++ b/src/HtmlTitleFilter.php @@ -45,8 +45,8 @@ private function filterXSS($title) { $n->nodeValue = htmlentities($n->nodeValue, ENT_QUOTES); } $body = str_replace( - array('"', '''), - array('"', '''), + array('"', ''', '‘', '’', '“', '”'), + array('"', ''', '‘', '’', '“', '”'), $dom->saveHTML($dom->getElementsByTagName('body')->item(0)) ); return Xss::filter($body, $this->getAllowHtmlTags()); From c4b77b2044f16115565dcc16afc4554dc3ec1e30 Mon Sep 17 00:00:00 2001 From: Daniel Korte Date: Sat, 27 Jul 2019 11:42:50 -0500 Subject: [PATCH 2/4] Comments clean up --- src/HtmlTitleFilter.php | 10 +++++----- src/Plugin/views/field/NodeHtmlTitle.php | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/HtmlTitleFilter.php b/src/HtmlTitleFilter.php index 9aa73cc..3c624c4 100644 --- a/src/HtmlTitleFilter.php +++ b/src/HtmlTitleFilter.php @@ -29,8 +29,8 @@ public function __construct(ConfigFactory $configFactory) { /** * Helper function to help filter out unwanted XSS opportunities. * - * Use this function if you expect to have junk or incomplete html. It uses the - * same strategy as the "Fix Html" filter option in configuring the HTML + * Use this function if you expect to have junk or incomplete HTML. It uses the + * same strategy as the "Fix HTML" filter option in configuring the HTML * filter in the text format configuration. */ private function filterXSS($title) { 
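Review bot: The `str_replace()` in `filterXSS()` (hunk `@@ -45,8 +45,8 @@` of src/HtmlTitleFilter.php in patch 1/4) rewrites entities right after `htmlentities($n->nodeValue, ENT_QUOTES)` has escaped the text nodes, and nothing in the code says why or what keeps that safe. I would add a comment above it along the lines of `// Only restores the listed entities; '<' and '>' must never be added here, and Xss::filter() must remain the last step.` The wording needs adjusting to the real intent, because this page has decoded the entity literals in both arrays and they cannot be read here. The hunks in patches 3/4 and 4/4 that extend the same list need the same comment. The function starts and ends outside the hunk.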
@@ -53,21 +53,21 @@ private function filterXSS($title) { } /** - * Filte string with allow html tags. + * Filter string with allowed HTML tags. */ public function decodeToText($str) { return $this->filterXSS(Html::decodeEntities((string) $str)); } /** - * Filte string with allow html tags. + * Filter string with allowed HTML tags. */ public function decodeToMarkup($str) { return Markup::create($this->decodeToText($str)); } /** - * Get allow html tags array. + * Get allowed HTML tags array. */ public function getAllowHtmlTags() { $tags = []; diff --git a/src/Plugin/views/field/NodeHtmlTitle.php b/src/Plugin/views/field/NodeHtmlTitle.php index b4dab7c..cec4ec1 100644 --- a/src/Plugin/views/field/NodeHtmlTitle.php +++ b/src/Plugin/views/field/NodeHtmlTitle.php @@ -11,7 +11,7 @@ use Drupal\views\ResultRow; /** - * A field that displays node html title . + * A field that displays node HTML title. * * @ingroup views_field_handlers * @@ -20,7 +20,7 @@ class NodeHtmlTitle extends Node { /** - * Render title with html tags. + * Render title with HTML tags. */ public function render(ResultRow $values) { $output = parent::render($values); From 6f33c1ea13105ef969f30ac022c9445815fa2497 Mon Sep 17 00:00:00 2001 From: Daniel Korte Date: Sat, 27 Jul 2019 11:56:11 -0500 Subject: [PATCH 3/4] Add ampersand to HTML entities --- src/HtmlTitleFilter.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/HtmlTitleFilter.php b/src/HtmlTitleFilter.php index 3c624c4..f3f7cfa 100644 --- a/src/HtmlTitleFilter.php +++ b/src/HtmlTitleFilter.php @@ -45,8 +45,8 @@ private function filterXSS($title) { $n->nodeValue = htmlentities($n->nodeValue, ENT_QUOTES); } $body = str_replace( - array('"', ''', '‘', '’', '“', '”'), - array('"', ''', '‘', '’', '“', '”'), + array('&', '"', ''', '‘', '’', '“', '”'), + array('&', '"', ''', '‘', '’', '“', '”'), $dom->saveHTML($dom->getElementsByTagName('body')->item(0)) ); return Xss::filter($body, $this->getAllowHtmlTags()); 
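Review bot: Putting the ampersand pair first in the `str_replace()` arrays (hunk `@@ -45,8 +45,8 @@` of patch 3/4) makes the result order-dependent, because with array arguments `str_replace()` applies the pairs one after another and every later pair also runs over text the ampersand pair has just rewritten. As far as the garbled literals can be read, a title that literally contains an escaped entity could then be unescaped twice. A single-pass replacement avoids this, e.g. `$body = strtr($html, $map);` with `$map` keyed by search string, since `strtr()` does not rescan text it has already replaced. Patch 4/4 keeps the ampersand in first position, so the same applies there. A test with a title containing a literal entity name would pin the intended behaviour.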
From 3505bc17e6d263a5c84e01566d481f15e4570f34 Mon Sep 17 00:00:00 2001 From: Daniel Korte Date: Tue, 6 Aug 2019 18:00:55 -0400 Subject: [PATCH 4/4] Replace all HTML entities correctly --- src/HtmlTitleFilter.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/HtmlTitleFilter.php b/src/HtmlTitleFilter.php index f3f7cfa..c91274b 100644 --- a/src/HtmlTitleFilter.php +++ b/src/HtmlTitleFilter.php 
@@ -45,8 +45,8 @@ private function filterXSS($title) { $n->nodeValue = htmlentities($n->nodeValue, ENT_QUOTES); } $body = str_replace( - array('&', '"', ''', '‘', '’', '“', '”'), - array('&', '"', ''', '‘', '’', '“', '”'), + array('&', '"', ''', 'À', 'Á', 'Â', 'Ã', 'Ä', 'Å', 'Æ', 'Ç', 'È', 'É', 'Ê', 'Ë', 'Ì', 'Í', 'Î', 'Ï', 'Ð', 'Ñ', 'Ò', 'Ó', 'Ô', 'Õ', 'Ö', 'Ø', 'Ù', 'Ú', 'Û', 'Ü', 'Ý', 'Þ', 'ß', 'à', 'á', 'â', 'ã', 'ä', 'å', 'æ', 'ç', 'è', 'é', 'ê', 'ë', 'ì', 'í', 'î', 'ï', 'ð', 'ñ', 'ò', 'ó', 'ô', 'õ', 'ö', 'ø', 'ù', 'ú', 'û', 'ü', 'ý', 'þ', 'ÿ', ' ', '¡', '¢', '£', '¤', '¥', '¦', '§', '¨', '©', 'ª', '«', '¬', '­', '®', '¯', '°', '±', '²', '³', '´', 'µ', '¶', '¸', '¹', 'º', '»', '¼', '½', '¾', '¿', '×', '÷', '∀', '∂', '∃', '∅', '∇', '∈', '∉', '∋', '∏', '∑', '−', '∗', '√', '∝', '∞', '∠', '∧', '∨', '∩', '∪', '∫', '∴', '∼', '≅', '≈', '≠', '≡', '≤', '≥', '⊂', '⊃', '⊄', '⊆', '⊇', '⊕', '⊗', '⊥', '⋅', 'Α', 'Β', 'Γ', 'Δ', 'Ε', 'Ζ', 'Η', 'Θ', 'Ι', 'Κ', 'Λ', 'Μ', 'Ν', 'Ξ', 'Ο', 'Π', 'Ρ', 'Σ', 'Τ', 'Υ', 'Φ', 'Χ', 'Ψ', 'Ω', 'α', 'β', 'γ', 'δ', 'ε', 'ζ', 'η', 'θ', 'ι', 'κ', 'λ', 'μ', 'ν', 'ξ', 'ο', 'π', 'ρ', 'ς', 'σ', 'τ', 'υ', 'φ', 'χ', 'ψ', 'ω', 'ϑ', 'ϒ', 'ϖ', 'Œ', 'œ', 'Š', 'š', 'Ÿ', 'ƒ', 'ˆ', '˜', ' ', ' ', ' ', '‌', '‍', '‎', '‏', '–', '—', '‘', '’', '‚', '“', '”', '„', '†', '‡', '•', '…', '‰', '′', '″', '‹', '›', '‾', '€', '™', '←', '↑', '→', '↓', '↔', '↵', '⌈', '⌉', '⌊', '⌋', '◊', '♠', '♣', '♥', '♦'), + array('&', '"', ''', 'À', 'Á', 'Â', 'Ã', 'Ä', 'Å', 'Æ', 'Ç', 'È', 'É', 'Ê', 'Ë', 'Ì', 'Í', 'Î', 'Ï', 'Ð', 'Ñ', 'Ò', 'Ó', 'Ô', 'Õ', 'Ö', 'Ø', 'Ù', 'Ú', 'Û', 'Ü', 'Ý', 'Þ', 'ß', 'à', 'á', 'â', 'ã', 'ä', 'å', 'æ', 'ç', 'è', 'é', 'ê', 'ë', 'ì', 'í', 'î', 'ï', 'ð', 'ñ', 'ò', 'ó', 'ô', 'õ', 'ö', 'ø', 'ù', 'ú', 'û', 'ü', 'ý', 'þ', 'ÿ', ' ', '¡', '¢', '£', '¤', '¥', '¦', '§', '¨', '©', 'ª', '«', '¬', '­', '®', '¯', '°', '±', '²', '³', '´', 'µ', '¶', '¸', '¹', 'º', '»', '¼', '½', '¾', '¿', '×', '÷', '∀', '∂', '∃', '∅', '∇', '∈', '∉', '∋', '∏', '∑', '−', '∗', '√', '∝', '∞', '∠', 
'∧', '∨', '∩', '∪', '∫', '∴', '∼', '≅', '≈', '≠', '≡', '≤', '≥', '⊂', '⊃', '⊄', '⊆', '⊇', '⊕', '⊗', '⊥', '⋅', 'Α', 'Β', 'Γ', 'Δ', 'Ε', 'Ζ', 'Η', 'Θ', 'Ι', 'Κ', 'Λ', 'Μ', 'Ν', 'Ξ', 'Ο', 'Π', 'Ρ', 'Σ', 'Τ', 'Υ', 'Φ', 'Χ', 'Ψ', 'Ω', 'α', 'β', 'γ', 'δ', 'ε', 'ζ', 'η', 'θ', 'ι', 'κ', 'λ', 'μ', 'ν', 'ξ', 'ο', 'π', 'ρ', 'ς', 'σ', 'τ', 'υ', 'φ', 'χ', 'ψ', 'ω', 'ϑ', 'ϒ', 'ϖ', 'Œ', 'œ', 'Š', 'š', 'Ÿ', 'ƒ', 'ˆ', '˜', ' ', ' ', ' ', '‌', '‍', '‎', '‏', '–', '—', '‘', '’', '‚', '“', '”', '„', '†', '‡', '•', '…', '‰', '′', '″', '‹', '›', '‾', '€', '™', '←', '↑', '→', '↓', '↔', '↵', '⌈', '⌉', '⌊', '⌋', '◊', '♠', '♣', '♥', '♦'), $dom->saveHTML($dom->getElementsByTagName('body')->item(0)) ); return Xss::filter($body, $this->getAllowHtmlTags());
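Review bot: The two positional arrays in this hunk now hold a couple of hundred entries each on a single line, and correctness depends on every search string sitting at the same index as its replacement; one missing or extra element shifts every following pair without raising any error. A keyed map with one pair per line in a class constant (say `private const ENTITY_MAP = [ /* search => replacement */ ];`) would keep each pair reviewable in a diff and keep `filterXSS()` short. A comment should also state whether the angle-bracket entities are omitted on purpose, since no such entry is visible in the list as rendered here. The function body starts and ends outside the hunk.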