Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
Discovered during #1825952: Turn on twig autoescape by default. The class docblock for \Drupal\Core\Template\Attribute has a few typos and odd sentences, and does not mention a critical piece of information (that the output is automatically sanitized).
Proposed resolution
Clean it up. Patch attached.
Comment | File | Size | Author |
---|---|---|---|
#18 | interdiff-2290143-16-18.txt | 843 bytes | amitgoyal |
#18 | drupal-2290143-18.patch | 2.13 KB | amitgoyal |
#3 | interdiff-0-3.txt | 877 bytes | cs_shadow |
#3 | drupal-2290143-3.patch | 1.77 KB | cs_shadow |
attribute.patch | 1.61 KB | xjm | |
Comments
Comment #1
jhodgdonThe docs here look good. Wow, attributes are kind of convoluted, but after reading through the code for the various attribute-related classes, I agree with the assessment that the output is sanitized as described.
Comment #2
star-szrThe "automatically be excluded" part is no longer true: https://www.drupal.org/node/2240005
Comment #3
cs_shadow CreditAttribution: cs_shadow commentedModified documentation as suggested in #2. The example below also needs to be modified, though I'm not sure how to use "without" filter in php code since the example uses the filter in twig.
Comment #4
jhodgdonI'm going to let Cottser (please!) review this one. :)
Comment #5
xjmUse the "without filter" what? Noun needed :)
Comment #6
xjmOh, it's the "without" (some kind of) filter. The "without" Twig filter? Punctuation matters. :)
Comment #7
xjmHm, also, I don't think we have many (or any) references to change records in the codebase, since they're D7-to-D8 specific and irrelevant after. It'd be better to add a code snippet, or update it (as suggested).
Comment #8
xjmComment #9
xjmOh, just a note -- it's perfectly okay to put template markup in a docblock @code section. I'd add something like "in your Twig template" above the code snippet for clarity.
Comment #10
xjmComment #11
cs_shadow CreditAttribution: cs_shadow commentedI changed to the original snippet to point out that indeed all the attributes will be printed ALWAYS. Added a new snippet that shows how to use the "without" filter.
And also, added the punctuation mentioned in #6. Thanks for pointing it out.
Waiting for some feedback.
Comment #12
star-szrThis is looking much better, thanks everyone!
Missing closing
>
and missing 'my-custom-class', and no need to indent within the @code..@endcode according to https://www.drupal.org/node/1354#code.Comment #13
cs_shadow CreditAttribution: cs_shadow commentedAdded missing > and 'my-custom-class'.
@Cottser, left the indent within @code...@endcode as it is to maintain consistency with the other places in the same file.
Comment #14
cs_shadow CreditAttribution: cs_shadow commentedComment #15
LinL CreditAttribution: LinL commentedPatch no longer applies, tagging for reroll.
Comment #16
er.pushpinderrana CreditAttribution: er.pushpinderrana commentedRerolled Patch.
Comment #17
jhodgdonAs xjm pointed out above, the link to https://www.drupal.org/node/2212845 in the text about the "without" filter is going to a change record. This is undesirable -- it should go to a d.o documentation page if possible, and if not... well maybe we don't need the link? The example I think is pretty clear...
Comment #18
amitgoyal CreditAttribution: amitgoyal commentedPlease review revised patch attached as I have removed "without" filter link as per #17.
Comment #19
jhodgdonLooks good to me, thanks!
Comment #20
alexpottCommitted bd0f39f and pushed to 8.0.x. Thanks!