diff --git a/core/lib/Drupal/Core/Entity/Element/EntityAutocomplete.php b/core/lib/Drupal/Core/Entity/Element/EntityAutocomplete.php
index 0691239dfa..bfbb9dd9c9 100644
--- a/core/lib/Drupal/Core/Entity/Element/EntityAutocomplete.php
+++ b/core/lib/Drupal/Core/Entity/Element/EntityAutocomplete.php
@@ -296,7 +296,9 @@ protected static function matchEntityByTitle(SelectionInterface $handler, $input
$multiples[] = $name . ' (' . $id . ')';
}
$params['@id'] = $id;
- $form_state->setError($element, t('Multiple entities match this reference; "%multiple". Specify the one you want by appending the id in parentheses, like "@value (@id)".', ['%multiple' => implode('", "', $multiples)] + $params));
+ // Call strip_tags to clean up the label display if we are getting the
+ // list of matches from an entity reference view.
+ $form_state->setError($element, t('Multiple entities match this reference; "%multiple". Specify the one you want by appending the id in parentheses, like "@value (@id)".', ['%multiple' => strip_tags(implode('", "', $multiples))] + $params));
}
else {
// Take the one and only matching entity.
diff --git a/core/lib/Drupal/Core/Entity/Plugin/EntityReferenceSelection/DefaultSelection.php b/core/lib/Drupal/Core/Entity/Plugin/EntityReferenceSelection/DefaultSelection.php
index 7d9711e4c0..54c542ada0 100644
--- a/core/lib/Drupal/Core/Entity/Plugin/EntityReferenceSelection/DefaultSelection.php
+++ b/core/lib/Drupal/Core/Entity/Plugin/EntityReferenceSelection/DefaultSelection.php
@@ -16,6 +16,7 @@
use Drupal\Core\Field\Plugin\Field\FieldType\EntityReferenceItem;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
+use Drupal\Core\Render\RendererInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\user\EntityOwnerInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
@@ -90,6 +91,13 @@ class DefaultSelection extends SelectionPluginBase implements ContainerFactoryPl
*/
protected $currentUser;
+ /**
+ * The renderer.
+ *
+ * @var \Drupal\Core\Render\RendererInterface
+ */
+ protected $renderer;
+
/**
* Constructs a new DefaultSelection object.
*
@@ -111,8 +119,10 @@ class DefaultSelection extends SelectionPluginBase implements ContainerFactoryPl
* The entity type bundle info service.
* @param \Drupal\Core\Entity\EntityRepositoryInterface $entity_repository
* The entity repository.
+ * @param \Drupal\Core\Render\RendererInterface|null $renderer
+ * The renderer.
*/
- public function __construct(array $configuration, $plugin_id, $plugin_definition, EntityTypeManagerInterface $entity_type_manager, ModuleHandlerInterface $module_handler, AccountInterface $current_user, EntityFieldManagerInterface $entity_field_manager = NULL, EntityTypeBundleInfoInterface $entity_type_bundle_info = NULL, EntityRepositoryInterface $entity_repository = NULL) {
+ public function __construct(array $configuration, $plugin_id, $plugin_definition, EntityTypeManagerInterface $entity_type_manager, ModuleHandlerInterface $module_handler, AccountInterface $current_user, EntityFieldManagerInterface $entity_field_manager = NULL, EntityTypeBundleInfoInterface $entity_type_bundle_info = NULL, EntityRepositoryInterface $entity_repository = NULL, RendererInterface $renderer = NULL) {
parent::__construct($configuration, $plugin_id, $plugin_definition);
$this->entityTypeManager = $entity_type_manager;
@@ -136,6 +146,12 @@ public function __construct(array $configuration, $plugin_id, $plugin_definition
$entity_repository = \Drupal::service('entity.repository');
}
$this->entityRepository = $entity_repository;
+
+ if (!$renderer) {
+ @trigger_error('Calling DefaultSelection::__construct() with the $renderer argument is supported in drupal:8.7.0 and will be required before drupal:9.0.0.', E_USER_DEPRECATED);
+ $renderer = \Drupal::service('renderer');
+ }
+ $this->renderer = $renderer;
}
/**
@@ -151,7 +167,8 @@ public static function create(ContainerInterface $container, array $configuratio
$container->get('current_user'),
$container->get('entity_field.manager'),
$container->get('entity_type.bundle.info'),
- $container->get('entity.repository')
+ $container->get('entity.repository'),
+ $container->get('renderer')
);
}
diff --git a/core/modules/field/tests/src/Functional/EntityReference/Views/SelectionTest.php b/core/modules/field/tests/src/Functional/EntityReference/Views/SelectionTest.php
index 6e12a8e519..f2961a3827 100644
--- a/core/modules/field/tests/src/Functional/EntityReference/Views/SelectionTest.php
+++ b/core/modules/field/tests/src/Functional/EntityReference/Views/SelectionTest.php
@@ -2,6 +2,10 @@
namespace Drupal\Tests\field\Functional\EntityReference\Views;
+use Drupal\Component\Serialization\Json;
+use Drupal\Component\Utility\Crypt;
+use Drupal\Component\Utility\Html;
+use Drupal\Core\Site\Settings;
use Drupal\field\Entity\FieldConfig;
use Drupal\Tests\BrowserTestBase;
use Drupal\views\Views;
@@ -17,9 +21,9 @@ class SelectionTest extends BrowserTestBase {
public static $modules = ['node', 'views', 'entity_reference_test', 'entity_test'];
/**
- * Nodes for testing.
+ * An array of node titles, keyed by content type and node ID.
*
- * @var array
+ * @var \Drupal\node\NodeInterface[]
*/
protected $nodes = [];
@@ -36,14 +40,16 @@ class SelectionTest extends BrowserTestBase {
protected function setUp() {
parent::setUp();
- // Create nodes.
- $type = $this->drupalCreateContentType()->id();
- $node1 = $this->drupalCreateNode(['type' => $type]);
- $node2 = $this->drupalCreateNode(['type' => $type]);
- $node3 = $this->drupalCreateNode();
+ // Create content types and nodes.
+ $type1 = $this->drupalCreateContentType()->id();
+ $type2 = $this->drupalCreateContentType()->id();
+ // Add some characters that should be escaped but not double escaped.
+ $node1 = $this->drupalCreateNode(['type' => $type1, 'title' => 'Test first node &<>']);
+ $node2 = $this->drupalCreateNode(['type' => $type1, 'title' => 'Test second node &&&']);
+ $node3 = $this->drupalCreateNode(['type' => $type2, 'title' => 'Test third node ']);
foreach ([$node1, $node2, $node3] as $node) {
- $this->nodes[$node->getType()][$node->id()] = $node->label();
+ $this->nodes[$node->id()] = $node;
}
// Create a field.
@@ -76,6 +82,80 @@ protected function setUp() {
$this->field = $field;
}
+ /**
+ * Tests the anchor tag stripping.
+ *
+ * Unstripped results based on the data above will result in output like so:
+ * ...Test first node...
+ * ...Test second node...
+ * ...Test third node...
+ * If we expect our output to not have the tags, and this matches what's
+ * produced by the tag-stripping method, we'll know that it's working.
+ */
+ public function testAnchorTagStripping() {
+ // Get values from selection handler.
+ $handler = $this->container->get('plugin.manager.entity_reference_selection')->getSelectionHandler($this->field);
+ $display_execution_results = $handler->getReferenceableEntities();
+
+ $filtered_rendered_results_formatted = [];
+ foreach ($display_execution_results as $subresults) {
+ $filtered_rendered_results_formatted += $subresults;
+ }
+
+ // Note the missing tags.
+ $expected = [
+ 1 => '' . Html::escape($this->nodes[1]->label()) . '',
+ 2 => '' . Html::escape($this->nodes[2]->label()) . '',
+ 3 => '' . Html::escape($this->nodes[3]->label()) . '',
+ ];
+
+ $this->assertEqual($filtered_rendered_results_formatted, $expected, 'Anchor tag stripping has failed.');
+ }
+
+ /**
+ * Tests that the Views selection handles the views output properly.
+ */
+ public function testAutocompleteOutput() {
+ // Reset any internal static caching.
+ \Drupal::service('entity_type.manager')->getStorage('node')->resetCache();
+
+ $view = Views::getView('test_entity_reference');
+ $view->setDisplay();
+
+ // Enable the display of the 'type' field so we can test that the output
+ // does not contain only the entity label.
+ $fields = $view->displayHandlers->get('entity_reference_1')->getOption('fields');
+ $fields['type']['exclude'] = FALSE;
+ $view->displayHandlers->get('entity_reference_1')->setOption('fields', $fields);
+ $view->save();
+
+ // Prepare the selection settings key needed by the entity reference
+ // autocomplete route.
+ $target_type = 'node';
+ $selection_handler = $this->field->getSetting('handler');
+ $selection_settings = $this->field->getSetting('handler_settings');
+ $selection_settings_key = Crypt::hmacBase64(serialize($selection_settings) . $target_type . $selection_handler, Settings::getHashSalt());
+ \Drupal::keyValue('entity_autocomplete')->set($selection_settings_key, $selection_settings);
+
+ $result = Json::decode($this->drupalGet('entity_reference_autocomplete/' . $target_type . '/' . $selection_handler . '/' . $selection_settings_key, ['query' => ['q' => 't']]));
+
+ $expected = [
+ 0 => [
+ 'value' => $this->nodes[1]->bundle() . ': ' . $this->nodes[1]->label() . ' (' . $this->nodes[1]->id() . ')',
+ 'label' => '' . $this->nodes[1]->bundle() . ': ' . Html::escape($this->nodes[1]->label()) . '',
+ ],
+ 1 => [
+ 'value' => $this->nodes[2]->bundle() . ': ' . $this->nodes[2]->label() . ' (' . $this->nodes[2]->id() . ')',
+ 'label' => '' . $this->nodes[2]->bundle() . ': ' . Html::escape($this->nodes[2]->label()) . '',
+ ],
+ 2 => [
+ 'value' => $this->nodes[3]->bundle() . ': ' . $this->nodes[3]->label() . ' (' . $this->nodes[3]->id() . ')',
+ 'label' => '' . $this->nodes[3]->bundle() . ': ' . Html::escape($this->nodes[3]->label()) . '',
+ ],
+ ];
+ $this->assertEqual($result, $expected, 'The autocomplete result of the Views entity reference selection handler contains the proper output.');
+ }
+
/**
* Confirm the expected results are returned.
*
@@ -83,16 +163,12 @@ protected function setUp() {
* Query results keyed by node type and nid.
*/
protected function assertResults(array $result) {
- $success = FALSE;
foreach ($result as $node_type => $values) {
foreach ($values as $nid => $label) {
- if (!$success = $this->nodes[$node_type][$nid] == trim(strip_tags($label))) {
- // There was some error, so break.
- break;
- }
+ $this->assertEquals($this->nodes[$nid]->bundle(), $node_type);
+ $this->assertEquals(Html::escape($this->nodes[$nid]->label()), trim(strip_tags($label)));
}
}
- $this->assertTrue($success, 'Views selection handler returned expected values.');
}
/**
diff --git a/core/modules/system/tests/modules/entity_reference_test/config/install/views.view.test_entity_reference.yml b/core/modules/system/tests/modules/entity_reference_test/config/install/views.view.test_entity_reference.yml
index 3e78c51080..c2b7e48d17 100644
--- a/core/modules/system/tests/modules/entity_reference_test/config/install/views.view.test_entity_reference.yml
+++ b/core/modules/system/tests/modules/entity_reference_test/config/install/views.view.test_entity_reference.yml
@@ -2,12 +2,11 @@ langcode: en
status: true
dependencies:
module:
- - entity_reference_test
- node
- user
id: test_entity_reference
label: 'Entity reference'
-module: entity_reference_test
+module: views
description: ''
tag: ''
base_table: node_field_data
@@ -35,6 +34,71 @@ display:
row:
type: fields
fields:
+ type:
+ id: type
+ table: node_field_data
+ field: type
+ relationship: none
+ group_type: group
+ admin_label: ''
+ label: ''
+ exclude: true
+ alter:
+ alter_text: false
+ text: ''
+ make_link: false
+ path: ''
+ absolute: false
+ external: false
+ replace_spaces: false
+ path_case: none
+ trim_whitespace: false
+ alt: ''
+ rel: ''
+ link_class: ''
+ prefix: ''
+ suffix: ''
+ target: ''
+ nl2br: false
+ max_length: 0
+ word_boundary: true
+ ellipsis: true
+ more_link: false
+ more_link_text: ''
+ more_link_path: ''
+ strip_tags: false
+ trim: false
+ preserve_tags: ''
+ html: false
+ element_type: ''
+ element_class: ''
+ element_label_type: ''
+ element_label_class: ''
+ element_label_colon: false
+ element_wrapper_type: ''
+ element_wrapper_class: ''
+ element_default_classes: true
+ empty: ''
+ hide_empty: false
+ empty_zero: false
+ hide_alter_empty: true
+ click_sort_column: target_id
+ type: entity_reference_label
+ settings:
+ link: false
+ group_column: target_id
+ group_columns: { }
+ group_rows: true
+ delta_limit: 0
+ delta_offset: 0
+ delta_reversed: false
+ delta_first_last: false
+ multi_type: separator
+ separator: ', '
+ field_api_classes: false
+ entity_type: node
+ entity_field: type
+ plugin_id: field
title:
id: title
table: node_field_data
@@ -99,14 +163,30 @@ display:
entity_type: node
entity_field: status
sorts:
- created:
- id: created
+ nid:
+ id: nid
table: node_field_data
- field: created
- order: DESC
- plugin_id: date
+ field: nid
+ relationship: none
+ group_type: group
+ admin_label: ''
+ order: ASC
+ exposed: false
+ expose:
+ label: ''
entity_type: node
- entity_field: created
+ entity_field: nid
+ plugin_id: standard
+ display_extenders: { }
+ cache_metadata:
+ max-age: -1
+ contexts:
+ - 'languages:language_content'
+ - 'languages:language_interface'
+ - url.query_args
+ - 'user.node_grants:view'
+ - user.permissions
+ tags: { }
entity_reference_1:
display_plugin: entity_reference
id: entity_reference_1
@@ -123,3 +203,19 @@ display:
type: none
options:
offset: 0
+ display_extenders: { }
+ row:
+ type: entity_reference
+ options:
+ default_field_elements: true
+ inline: { }
+ separator: ': '
+ hide_empty: false
+ cache_metadata:
+ max-age: -1
+ contexts:
+ - 'languages:language_content'
+ - 'languages:language_interface'
+ - 'user.node_grants:view'
+ - user.permissions
+ tags: { }
diff --git a/core/modules/user/src/Plugin/EntityReferenceSelection/UserSelection.php b/core/modules/user/src/Plugin/EntityReferenceSelection/UserSelection.php
index 5d462b6618..7c66c340e1 100644
--- a/core/modules/user/src/Plugin/EntityReferenceSelection/UserSelection.php
+++ b/core/modules/user/src/Plugin/EntityReferenceSelection/UserSelection.php
@@ -12,6 +12,7 @@
use Drupal\Core\Entity\Plugin\EntityReferenceSelection\DefaultSelection;
use Drupal\Core\Extension\ModuleHandlerInterface;
use Drupal\Core\Form\FormStateInterface;
+use Drupal\Core\Render\RendererInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\user\RoleInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
@@ -59,9 +60,11 @@ class UserSelection extends DefaultSelection {
* The entity type bundle info service.
* @param \Drupal\Core\Entity\EntityRepositoryInterface $entity_repository
* The entity repository.
+ * @param \Drupal\Core\Render\RendererInterface $renderer
+ * The renderer service.
*/
- public function __construct(array $configuration, $plugin_id, $plugin_definition, EntityTypeManagerInterface $entity_type_manager, ModuleHandlerInterface $module_handler, AccountInterface $current_user, Connection $connection, EntityFieldManagerInterface $entity_field_manager = NULL, EntityTypeBundleInfoInterface $entity_type_bundle_info = NULL, EntityRepositoryInterface $entity_repository = NULL) {
- parent::__construct($configuration, $plugin_id, $plugin_definition, $entity_type_manager, $module_handler, $current_user, $entity_field_manager, $entity_type_bundle_info, $entity_repository);
+ public function __construct(array $configuration, $plugin_id, $plugin_definition, EntityTypeManagerInterface $entity_type_manager, ModuleHandlerInterface $module_handler, AccountInterface $current_user, Connection $connection, EntityFieldManagerInterface $entity_field_manager = NULL, EntityTypeBundleInfoInterface $entity_type_bundle_info = NULL, EntityRepositoryInterface $entity_repository = NULL, RendererInterface $renderer = NULL) {
+ parent::__construct($configuration, $plugin_id, $plugin_definition, $entity_type_manager, $module_handler, $current_user, $entity_field_manager, $entity_type_bundle_info, $entity_repository, $renderer);
$this->connection = $connection;
}
@@ -80,7 +83,8 @@ public static function create(ContainerInterface $container, array $configuratio
$container->get('database'),
$container->get('entity_field.manager'),
$container->get('entity_type.bundle.info'),
- $container->get('entity.repository')
+ $container->get('entity.repository'),
+ $container->get('renderer')
);
}
diff --git a/core/modules/views/src/Plugin/EntityReferenceSelection/ViewsSelection.php b/core/modules/views/src/Plugin/EntityReferenceSelection/ViewsSelection.php
index 79707af10a..a579d44061 100644
--- a/core/modules/views/src/Plugin/EntityReferenceSelection/ViewsSelection.php
+++ b/core/modules/views/src/Plugin/EntityReferenceSelection/ViewsSelection.php
@@ -2,6 +2,7 @@
namespace Drupal\views\Plugin\EntityReferenceSelection;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\DependencyInjection\DeprecatedServicePropertyTrait;
use Drupal\Core\Entity\EntityReferenceSelection\SelectionPluginBase;
use Drupal\Core\Entity\EntityTypeManagerInterface;
@@ -10,6 +11,7 @@
use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Url;
+use Drupal\views\Render\ViewsRenderPipelineMarkup;
use Drupal\views\Views;
use Symfony\Component\DependencyInjection\ContainerInterface;
@@ -219,22 +221,67 @@ protected function initializeView($match = NULL, $match_operator = 'CONTAINS', $
* {@inheritdoc}
*/
public function getReferenceableEntities($match = NULL, $match_operator = 'CONTAINS', $limit = 0) {
+ $entities = [];
+ if ($display_execution_results = $this->getDisplayExecutionResults($match, $match_operator, $limit)) {
+ $entities = $this->stripAdminAndAnchorTagsFromResults($display_execution_results);
+ }
+ return $entities;
+ }
+
+ /**
+ * Fetches the results of executing the display.
+ *
+ * @param string|null $match
+ * (Optional) Text to match the label against. Defaults to NULL.
+ * @param string $match_operator
+ * (Optional) The operation the matching should be done with. Defaults
+ * to "CONTAINS".
+ * @param int $limit
+ * Limit the query to a given number of items. Defaults to 0, which
+ * indicates no limiting.
+ * @param array|null $ids
+ * Array of entity IDs. Defaults to NULL.
+ *
+ * @return array
+ * The results.
+ */
+ protected function getDisplayExecutionResults($match = NULL, $match_operator = 'CONTAINS', $limit = 0, $ids = NULL) {
$display_name = $this->getConfiguration()['view']['display_name'];
$arguments = $this->getConfiguration()['view']['arguments'];
- $result = [];
- if ($this->initializeView($match, $match_operator, $limit)) {
- // Get the results.
- $result = $this->view->executeDisplay($display_name, $arguments);
+ $results = [];
+ if ($this->initializeView($match, $match_operator, $limit, $ids)) {
+ $results = $this->view->executeDisplay($display_name, $arguments);
}
+ return $results;
+ }
- $return = [];
- if ($result) {
- foreach ($this->view->result as $row) {
- $entity = $row->_entity;
- $return[$entity->bundle()][$entity->id()] = $entity->label();
- }
+ /**
+ * Strips all admin and anchor tags from a result list.
+ *
+ * These results are usually displayed in an autocomplete field, which is
+ * surrounded by anchor tags. Most tags are allowed inside anchor tags, except
+ * for other anchor tags.
+ *
+ * @param array $results
+ * The result list.
+ * @return array
+ * The provided result list with anchor tags removed.
+ */
+ protected function stripAdminAndAnchorTagsFromResults($results) {
+ $allowed_tags = Xss::getAdminTagList();
+ if (($key = array_search('a', $allowed_tags)) !== FALSE) {
+ unset($allowed_tags[$key]);
}
- return $return;
+
+ $stripped_results = [];
+ foreach ($results as $id => $row) {
+ $entity = $row['#row']->_entity;
+ $stripped_results[$entity->bundle()][$id] = ViewsRenderPipelineMarkup::create(
+ Xss::filter($this->renderer->renderPlain($row), $allowed_tags)
+ );
+ }
+
+ return $stripped_results;
}
/**
@@ -249,15 +296,7 @@ public function countReferenceableEntities($match = NULL, $match_operator = 'CON
* {@inheritdoc}
*/
public function validateReferenceableEntities(array $ids) {
- $display_name = $this->getConfiguration()['view']['display_name'];
- $arguments = $this->getConfiguration()['view']['arguments'];
- $result = [];
- if ($this->initializeView(NULL, 'CONTAINS', 0, $ids)) {
- // Get the results.
- $entities = $this->view->executeDisplay($display_name, $arguments);
- $result = array_keys($entities);
- }
- return $result;
+ return array_keys($this->getDisplayExecutionResults(NULL, 'CONTAINS', 0, $ids));
}
/**