Fixes #1582: Error messages shown via client-side validation should not be double encoded

framework/CHANGELOG.md

@@ -10,6 +10,7 @@ Yii Framework 2 Change Log
 - Bug #1509: The SQL for creating Postgres RBAC tables is incorrect (qiangxue)
 - Bug #1545: It was not possible to execute db Query twice, params where missing (cebe)
 - Bug #1550: fixed the issue that JUI input widgets did not property input IDs.
+- Bug #1582: Error messages shown via client-side validation should not be double encoded (qiangxue)
 - Bug #1591: StringValidator is accessing undefined property (qiangxue)
 - Bug: Fixed `Call to a member function registerAssetFiles() on a non-object` in case of wrong `sourcePath` for an asset bundle (samdark)
 - Bug: Fixed incorrect event name for `yii\jui\Spinner` (samdark)

framework/yii/assets/yii.activeForm.js

@@ -348,7 +348,7 @@
 				$container.removeClass(data.settings.validatingCssClass + ' ' + data.settings.successCssClass)
 					.addClass(data.settings.errorCssClass);
 			} else {
-				$error.html('');
+				$error.text('');
 				$container.removeClass(data.settings.validatingCssClass + ' ' + data.settings.errorCssClass + ' ')
 					.addClass(data.settings.successCssClass);
 			}
@@ -365,15 +365,15 @@
 	var updateSummary = function ($form, messages) {
 		var data = $form.data('yiiActiveForm'),
 			$summary = $form.find(data.settings.errorSummary),
-			content = '';
+			$ul = $summary.find('ul');
 
 		if ($summary.length && messages) {
 			$.each(data.attributes, function () {
 				if ($.isArray(messages[this.name]) && messages[this.name].length) {
-					content += '<li>' + messages[this.name][0] + '</li>';
+					$ul.append($('<li/>').text(messages[this.name][0]));
 				}
 			});
-			$summary.toggle(content !== '').find('ul').html(content);
+			$summary.toggle($ul.find('li').length > 0);
 		}
 	};
 

framework/yii/captcha/CaptchaValidator.php

@@ -93,9 +93,9 @@ class CaptchaValidator extends Validator
 			'hash' => $hash,
 			'hashKey' => 'yiiCaptcha/' . $this->captchaAction,
 			'caseSensitive' => $this->caseSensitive,
-			'message' => Html::encode(strtr($this->message, [
+			'message' => strtr($this->message, [
 				'{attribute}' => $object->getAttributeLabel($attribute),
-			])),
+			]),
 		];
 		if ($this->skipOnEmpty) {
 			$options['skipOnEmpty'] = 1;

framework/yii/validators/BooleanValidator.php

@@ -72,11 +72,11 @@ class BooleanValidator extends Validator
 		$options = [
 			'trueValue' => $this->trueValue,
 			'falseValue' => $this->falseValue,
-			'message' => Html::encode(strtr($this->message, [
+			'message' => strtr($this->message, [
 				'{attribute}' => $object->getAttributeLabel($attribute),
 				'{true}' => $this->trueValue,
 				'{false}' => $this->falseValue,
-			])),
+			]),
 		];
 		if ($this->skipOnEmpty) {
 			$options['skipOnEmpty'] = 1;

framework/yii/validators/CompareValidator.php

@@ -195,11 +195,11 @@ class CompareValidator extends Validator
 			$options['skipOnEmpty'] = 1;
 		}
 
-		$options['message'] = Html::encode(strtr($this->message, [
+		$options['message'] = strtr($this->message, [
 			'{attribute}' => $object->getAttributeLabel($attribute),
 			'{compareAttribute}' => $compareValue,
 			'{compareValue}' => $compareValue,
-		]));
+		]);
 
 		ValidationAsset::register($view);
 		return 'yii.validation.compare(value, messages, ' . json_encode($options) . ');';

framework/yii/validators/EmailValidator.php

@@ -98,9 +98,9 @@ class EmailValidator extends Validator
 			'pattern' => new JsExpression($this->pattern),
 			'fullPattern' => new JsExpression($this->fullPattern),
 			'allowName' => $this->allowName,
-			'message' => Html::encode(strtr($this->message, [
+			'message' => strtr($this->message, [
 				'{attribute}' => $object->getAttributeLabel($attribute),
-			])),
+			]),
 			'enableIDN' => (boolean)$this->enableIDN,
 		];
 		if ($this->skipOnEmpty) {

framework/yii/validators/NumberValidator.php

@@ -124,24 +124,24 @@ class NumberValidator extends Validator
 
 		$options = [
 			'pattern' => new JsExpression($this->integerOnly ? $this->integerPattern : $this->numberPattern),
-			'message' => Html::encode(strtr($this->message, [
+			'message' => strtr($this->message, [
 				'{attribute}' => $label,
-			])),
+			]),
 		];
 
 		if ($this->min !== null) {
 			$options['min'] = $this->min;
-			$options['tooSmall'] = Html::encode(strtr($this->tooSmall, [
+			$options['tooSmall'] = strtr($this->tooSmall, [
 				'{attribute}' => $label,
 				'{min}' => $this->min,
-			]));
+			]);
 		}
 		if ($this->max !== null) {
 			$options['max'] = $this->max;
-			$options['tooBig'] = Html::encode(strtr($this->tooBig, [
+			$options['tooBig'] = strtr($this->tooBig, [
 				'{attribute}' => $label,
 				'{max}' => $this->max,
-			]));
+			]);
 		}
 		if ($this->skipOnEmpty) {
 			$options['skipOnEmpty'] = 1;

framework/yii/validators/RangeValidator.php

@@ -73,9 +73,9 @@ class RangeValidator extends Validator
 		$options = [
 			'range' => $range,
 			'not' => $this->not,
-			'message' => Html::encode(strtr($this->message, [
+			'message' => strtr($this->message, [
 				'{attribute}' => $object->getAttributeLabel($attribute),
-			])),
+			]),
 		];
 		if ($this->skipOnEmpty) {
 			$options['skipOnEmpty'] = 1;

framework/yii/validators/RegularExpressionValidator.php

@@ -80,9 +80,9 @@ class RegularExpressionValidator extends Validator
 		$options = [
 			'pattern' => new JsExpression($pattern),
 			'not' => $this->not,
-			'message' => Html::encode(strtr($this->message, [
+			'message' => strtr($this->message, [
 				'{attribute}' => $object->getAttributeLabel($attribute),
-			])),
+			]),
 		];
 		if ($this->skipOnEmpty) {
 			$options['skipOnEmpty'] = 1;

framework/yii/validators/RequiredValidator.php

@@ -101,9 +101,9 @@ class RequiredValidator extends Validator
 			$options['strict'] = 1;
 		}
 
-		$options['message'] = Html::encode(strtr($options['message'], [
+		$options['message'] = strtr($options['message'], [
 			'{attribute}' => $object->getAttributeLabel($attribute),
-		]));
+		]);
 
 		ValidationAsset::register($view);
 		return 'yii.validation.required(value, messages, ' . json_encode($options) . ');';

framework/yii/validators/StringValidator.php

@@ -151,31 +151,31 @@ class StringValidator extends Validator
 		$label = $object->getAttributeLabel($attribute);
 
 		$options = [
-			'message' => Html::encode(strtr($this->message, [
+			'message' => strtr($this->message, [
 				'{attribute}' => $label,
-			])),
+			]),
 		];
 
 		if ($this->min !== null) {
 			$options['min'] = $this->min;
-			$options['tooShort'] = Html::encode(strtr($this->tooShort, [
+			$options['tooShort'] = strtr($this->tooShort, [
 				'{attribute}' => $label,
 				'{min}' => $this->min,
-			]));
+			]);
 		}
 		if ($this->max !== null) {
 			$options['max'] = $this->max;
-			$options['tooLong'] = Html::encode(strtr($this->tooLong, [
+			$options['tooLong'] = strtr($this->tooLong, [
 				'{attribute}' => $label,
 				'{max}' => $this->max,
-			]));
+			]);
 		}
 		if ($this->length !== null) {
 			$options['is'] = $this->length;
-			$options['notEqual'] = Html::encode(strtr($this->notEqual, [
+			$options['notEqual'] = strtr($this->notEqual, [
 				'{attribute}' => $label,
 				'{length}' => $this->length,
-			]));
+			]);
 		}
 		if ($this->skipOnEmpty) {
 			$options['skipOnEmpty'] = 1;

framework/yii/validators/UrlValidator.php

@@ -121,9 +121,9 @@ class UrlValidator extends Validator
 
 		$options = [
 			'pattern' => new JsExpression($pattern),
-			'message' => Html::encode(strtr($this->message, [
+			'message' => strtr($this->message, [
 				'{attribute}' => $object->getAttributeLabel($attribute),
-			])),
+			]),
 			'enableIDN' => (boolean)$this->enableIDN,
 		];
 		if ($this->skipOnEmpty) {