See https://docs.acquia.com/articles/using-filter-functions-intended-filterx...

We need to document at https://www.drupal.org/writing-secure-code and/or https://www.drupal.org/node/28984 that people should use drupal_clean_css_identifier() or similar, otherwise they get XSS issues.

Comments

jhodgdon

Project: Drupal core » Documentation
Version: 8.0.x-dev »
Component: documentation » Missing documentation

This issue seems to be about editing drupal.org pages, so moving to appropriate queue. If you think some documentation in Core files needs patching, please move this issue back to Drupal Core and suggest where this documentation should be added to functions, classes, and/or topic pages on api.drupal.org. Thanks!