The current documentation for format_string() emphasizes that it is to be used for "sanitizing" text but that's not really a complete description. Even if you trust the source of your text, you still want to run it through e.g. check_plain() if there's any chance it might contain a character that will be erroneously interpreted as HTML, and format_string() is a good way to do that.
Thus, we really should encourage people to use this function regardless of whether untrusted user input is involved. (See discussion in #500866: [META] remove t() from assert message.)
The attached patch is a first pass at trying to clarify the documentation in this regard and otherwise make some small improvements to it.
| Comment | File | Size | Author |
|---|---|---|---|
| #4 | format-string-docs-1873608-4.patch | 823 bytes | David_Rothstein |
| #1 | format-string-docs-1873608-1.patch | 2.5 KB | David_Rothstein |
Comments
Comment #1
David_Rothstein commentedHere's the patch.
Comment #2
jhodgdonI think this is an excellent update to the documentation of this function. Thanks!
Comment #3
webchickCommitted and pushed to 8.x and 7.x. Thanks!
Comment #4
David_Rothstein commentedHm, I think I managed to tell people to use this function in one paragraph and then tell them not to use it the next.
This patch tries to clarify that...
Comment #5
jhodgdonI have no problem with that addition to the documentation in #4, although I don't think it's totally necessary. :)
Comment #6
tim.plunkettRelated #1862198: It's not clear that you have to look at format_string() to find details of t() arg handling
Comment #7
jhodgdonCommitted to 7.x and 8.x. Thanks!
Comment #8.0
(not verified) commentedFix typo.