Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
On /admin/reports/updates/update page, "Reccomended version" is double escaped as seen in screenshot:
Proposed resolution
Check parent issue's guidelines (twig inline templates)
Comment | File | Size | Author |
---|---|---|---|
#38 | twig_double_escaping_on-2349773-38.patch | 2.58 KB | lauriii |
#9 | interdiff_4-9.txt | 2.47 KB | Zekvyrin |
#9 | interdiff_8-9.txt | 569 bytes | Zekvyrin |
#9 | core-twig_double_escaping_available_updates-2349773-9.patch | 2.31 KB | Zekvyrin |
#10 | Selection_002.png | 21.43 KB | subhojit777 |
Comments
Comment #1
Zekvyrin CreditAttribution: Zekvyrin commentedI'm working on a patch for the issue
Comment #2
Zekvyrin CreditAttribution: Zekvyrin commentedI'm uploading a patch for this. I used Twig inline_template render elements (option two from parent issue's recommendations).
$recommended_version is supposed to be safe, as every possibly unfiltered string passes either through an _l() or a t() function and is filtered there.
Comment #3
Zekvyrin CreditAttribution: Zekvyrin commentedAlso attaching and image for the fixed page:
Comment #4
Zekvyrin CreditAttribution: Zekvyrin commentedFor some reason I deleted the patch file (sorry)... reuploading..
Comment #5
iro CreditAttribution: iro commentedI did some manual testing and everything seems to work fine.
Comment #6
SteffenRI also had a look on the issue - patch applies fine for me and the result is as expected.
I think we can set the issue to RTBC.
Comment #7
alexpottCan we convert this to an actual twig template rather than just adding html together. So it is something like
Comment #8
Zekvyrin CreditAttribution: Zekvyrin commentedHello Alex,
Thanks for the feedback & sample code. Helped me a lot. I've uploaded a new patch.
I have a few questions:
1) I'm still not sure if we can remove the drupal_render function from here. I tried and it didn't work.
2) Is it any way to call 't' filter with arguments in twig? For example we could use it to keep the same string as d7: 'Release notes for @project_title' .
3) I've noticed that there are some custom simple functions in twig about url generation. Can we implement something instead of using '<a>' in the template?
Comment #9
Zekvyrin CreditAttribution: Zekvyrin commentedOk.. I should think a bit more like d7 sometimes.. I removed drupal_render from there.
uploaded new patch.
Comment #10
subhojit777The code looks good, and follows @alexpott's suggestions. Tested the patch and it is working. Good work @Zekvyrin. Images attached for comparison.
Comment #11
subhojit777Comment #12
Gábor HojtsyThere are numerous problems with this:
1. There is no way the translation extractor will find this. See #2315329: Support for Drupal 8 inline twig translatable for constructs the extractor can support. A random variable changed several ways and then later used in a render API construct will not suffice.
2. The words "Major upgrade warning" are not translatable. Not a problem of this patch, but while you are at it.
3. The change from "Release notes for @project_title" to essentially "Release notes for" . $project_title is very bad for translation. Are you sure all languages that Drupal may be translated to will find this word order suitable? The goal of having the token to replace in the text is exactly to support different languages. Doing the string concatenation instead will not be compatible by several languages.
Comment #13
subhojit777Comment #14
Zekvyrin CreditAttribution: Zekvyrin commented@Gábor: I totally agree with 3, but I couldn't find a way to solve it.
I haven't found any example of 't' usage with variables and i was wondering if it can be done. (issue that added t as a twig filter: #2011442: Support for Drupal 8 twig t filter translatables ).
Check my comment #8 (question no.2)
I also still wondering if we can implement a way to use a function to generate urls in these strings, and still avoid twig's autoescape.
Comment #15
subhojit777Comment #16
lauriii#14:
OR
Comment #17
mirom CreditAttribution: mirom commentedComment #18
mirom CreditAttribution: mirom commentedPosting patch. Solving 2. and 3. from #12.
Comment #19
mirom CreditAttribution: mirom commentedComment #20
lauriiiLooks good to me. Fixes #12.2 and #12.3. What are we gonna do with #12.1?
Comment #21
mirom CreditAttribution: mirom commentedShould this works for it?
Comment #22
lauriiiCan you provide us a interdiff?
Comment #23
mirom CreditAttribution: mirom commentedHere u r
Comment #24
subhojit777Space missing after first parameter, and around array key value. Change it to this:
$this->t('Release notes for @project_title', array('@project_title' => $project['title']))
Comment #25
subhojit777Can't we use l() function here.
Comment #26
mirom CreditAttribution: mirom commented#25 - can I pass title parameter to l() function?
Comment #27
subhojit777@mirom see LinkGeneratorInterface::generate()
Comment #28
lauriiiI dont think we are using l() function in a template or am I wrong?
Comment #29
subhojit777ahh.. I get it. In that case we do not need l() function.
I am not sure whether this is correct. I think
#context
should contain elements withinarray()
, like this:Comment #30
mirom CreditAttribution: mirom commentedIt is probably my typo. Submitting correct patch and interdiff with #18.
Comment #31
subhojit777Indentation not correct
Space missing after first parameter *again* :)
@mirom Please change it to needs review after it is done
Comment #32
Gábor HojtsyThis approach definitely fixes the translatability concerns, thanks a lot.
Comment #33
mirom CreditAttribution: mirom commented@subhojit777 - hopefully fixed, first time i didn't see, what you mean by "space after first parameter"
Submitting correct patch and interdiff with #18.
Comment #34
mirom CreditAttribution: mirom commentedComment #35
jibranComment #36
joelpittetThis needs a re-roll, because it's in a table it's quite difficult to move this markup to a template to so this approach looks like the most viable.
Couple of nitpicks as well:
Would be nice without as many quote escapes, could you swap the " with '.
"<div title=\"{
to'<div title="{
There is a double space after the period in the sentence.
Comment #37
joelpittetEdit: Removed comment (wrong issue)
Comment #38
lauriiiRerolled and did the changes
Comment #39
subhojit777Comment #40
subhojit777Patch in #38 is working. And the code looks alright.
Comment #41
subhojit777Comment #42
alexpottThis issue is a normal bug fix, and doesn't include any disruptive changes, so it is allowed per https://www.drupal.org/core/beta-changes. Committed 169fde0 and pushed to 8.0.x. Thanks!