projects / yaffs-website / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Updated to Drupal 8.5. Core Media not yet in use.
[yaffs-website] / web / modules / contrib / devel / src / Plugin / Devel / Dumper / DrupalVariable.php
diff --git a/web/modules/contrib/devel/src/Plugin/Devel/Dumper/DrupalVariable.php b/web/modules/contrib/devel/src/Plugin/Devel/Dumper/DrupalVariable.php
index 3f38d15f25a7b44f918bc75cf293d582051f7583..a1561e3e96241a40c3557f083ca6a57b99e065bb 100644 (file)
--- a/web/modules/contrib/devel/src/Plugin/Devel/Dumper/DrupalVariable.php
+++ b/web/modules/contrib/devel/src/Plugin/Devel/Dumper/DrupalVariable.php
@@ -3,6 +3,7 @@
 namespace Drupal\devel\Plugin\Devel\Dumper;
 
 use Drupal\Component\Utility\Variable;
+use Drupal\Component\Utility\Xss;
 use Drupal\devel\DevelDumperBase;
 
 /**
@@ -21,7 +22,11 @@ class DrupalVariable extends DevelDumperBase {
    */
   public function export($input, $name = NULL) {
     $name = $name ? $name . ' => ' : '';
-    $dump = '<pre>' . $name . Variable::export($input) . '</pre>';
+    $dump = Variable::export($input);
+    // Run Xss::filterAdmin on the resulting string to prevent
+    // cross-site-scripting (XSS) vulnerabilities.
+    $dump = Xss::filterAdmin($dump);
+    $dump = '<pre>' . $name . $dump . '</pre>';
     return $this->setSafeMarkup($dump);
   }
 
Unnamed repository; edit this file 'description' to name the repository.