diff --git a/core/lib/Drupal/Component/Utility/PlaceholderTrait.php b/core/lib/Drupal/Component/Utility/PlaceholderTrait.php
index 5922b3f..ef1552f 100644
--- a/core/lib/Drupal/Component/Utility/PlaceholderTrait.php
+++ b/core/lib/Drupal/Component/Utility/PlaceholderTrait.php
@@ -34,17 +34,13 @@ protected static function placeholderFormat($string, array $args, &$safe = TRUE)
switch ($key[0]) {
case '@':
// Escaped only.
- if (!SafeMarkup::isSafe($value)) {
- $args[$key] = Html::escape($value);
- }
+ $args[$key] = SafeMarkup::escapeIfUnsafe($value);
break;
case '%':
default:
// Escaped and placeholder.
- if (!SafeMarkup::isSafe($value)) {
- $value = Html::escape($value);
- }
+ $value = SafeMarkup::escapeIfUnsafe($value);
$args[$key] = '' . $value . '';
break;
diff --git a/core/lib/Drupal/Component/Utility/SafeMarkup.php b/core/lib/Drupal/Component/Utility/SafeMarkup.php
index c1c86f5..a693e69 100644
--- a/core/lib/Drupal/Component/Utility/SafeMarkup.php
+++ b/core/lib/Drupal/Component/Utility/SafeMarkup.php
@@ -237,4 +237,22 @@ public static function format($string, array $args) {
}
+ /**
+ * Escapes a string if it's not safe.
+ *
+ * @param string $string
+ * The text string to be escaped if unsafe.
+ * @return string
+ * The escaped string if it was unsafe.
+ *
+ * @ingroup sanitization
+ */
+ public static function escapeIfUnsafe($string) {
+ if (!self::isSafe($string)) {
+ $string = Html::escape($string);
+ }
+
+ return $string;
+ }
+
}
diff --git a/core/lib/Drupal/Core/Utility/LinkGenerator.php b/core/lib/Drupal/Core/Utility/LinkGenerator.php
index 6eb473b..a96b5d8 100644
--- a/core/lib/Drupal/Core/Utility/LinkGenerator.php
+++ b/core/lib/Drupal/Core/Utility/LinkGenerator.php
@@ -167,9 +167,7 @@ public function generate($text, Url $url) {
$attributes['href'] = $generated_url->getGeneratedUrl();
}
- if (!SafeMarkup::isSafe($variables['text'])) {
- $variables['text'] = Html::escape($variables['text']);
- }
+ $variables['text'] = SafeMarkup::escapeIfUnsafe($variables['text']);
$attributes = new Attribute($attributes);
// This is safe because Attribute does escaping and $variables['text'] is
// either rendered or escaped.
diff --git a/core/modules/views/views.module b/core/modules/views/views.module
index f6aca4c..a92bccd 100644
--- a/core/modules/views/views.module
+++ b/core/modules/views/views.module
@@ -666,9 +666,7 @@ function views_pre_render_views_form_views_form($element) {
foreach ($substitutions as $placeholder => $substitution) {
$search[] = Html::escape($placeholder);
// Ensure that any replacements made are safe to make.
- if (!SafeMarkup::isSafe($substitution)) {
- $substitution = Html::escape($substitution);
- }
+ $substitution = SafeMarkup::escapeIfUnsafe($substitution);
$replace[] = $substitution;
}
diff --git a/core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php b/core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php
index 12f2012..9e156b6 100644
--- a/core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php
+++ b/core/tests/Drupal/Tests/Component/Utility/SafeMarkupTest.php
@@ -122,6 +122,17 @@ public function testIsSafe() {
}
/**
+ * Tests SafeMarkup::escapeIfUnsafe() with different strings.
+ *
+ * @covers ::escapeIfUnsafe
+ */
+ public function testEscapeIfUnsafe() {
+ $unsafe_string = 'bunny
';
+ $expected = '<p>bunny</p>';
+ $this->assertSame($expected, SafeMarkup::escapeIfUnsafe($unsafe_string));
+ }
+
+ /**
* Tests SafeMarkup::setMultiple().
*
* @covers ::setMultiple