Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Problem/Motivation
AssertContentTrait::assertEscaped() currently uses SafeMarkup::checkPlain(), which adds the string to the list of safe strings. This is unnecessary.
Proposed resolution
Swap the SafeMarkup::checkPlain() call for Html::escape()
Remaining tasks
Make patch.
User interface changes
None.
API changes
None.
Data model changes
None.
Beta phase evaluation
| Issue category | Task because current function works as documented. |
|---|---|
| Issue priority | Normal because nothing is broken. |
| Prioritized changes | The main goal of this issue is to remove a SafeMarkup::checkPlain as part of #2549943: [plan] Remove as much of the SafeMarkup class's methods as possible |
| Disruption | None; internal change with no outside effects. |
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | 2552893-2.patch | 1.37 KB | mpdonadio |
Comments
Comment #2
mpdonadioComment #3
mpdonadioComment #4
stefan.r CreditAttribution: stefan.r commentedLooks good to me!
Comment #5
stefan.r CreditAttribution: stefan.r commentedI think we can RTBC this as SafeMarkup::checkPlain() just wraps Html::escape() and tests are still green.
Comment #6
dawehner+1
Comment #7
alexpottI guess this just means there is less to do in #2545972: Remove all code usages SafeMarkup::checkPlain() and rely more on Twig autoescaping. Test only change and therefore beta permitted. Committed 2ecd353 and pushed to 8.0.x. Thanks!