Follow-up to #2280965: [meta] Remove every SafeMarkup::set() call

Problem/Motivation

SafeMarkup::set() is mostly for internal use only. For the most part, existing APIs like t(), String::checkPlain(), XSS::filter(), drupal_render(), etc. should be marking the things they sanitize, and markup in general should be moved into templates wherever possible so the themer has control of it.

Proposed resolution

Use \Twig_Markup in twig_drupal_join_filter since it is part of Twig and should not pollute the safe list

CommentFileSizeAuthor
#4 2553969.4.patch870 bytesalexpott
#2 2553969.2.patch869 bytesalexpott

Comments

alexpott created an issue. See original summary.

alexpott’s picture

Status: Active » Needs review
StatusFileSize
new869 bytes
dawehner’s picture

Status: Needs review » Reviewed & tested by the community

Nice!

alexpott’s picture

StatusFileSize
new870 bytes

Tiny fix... missing leading slash.

dawehner’s picture

Ah, I'm confused that twig is actually running old school classnames.

xjm’s picture

Title: Use \Twig_Markup in twig_drupal_join_filter since it is part of Twig and should not pollute the safe list » Use \Twig_Markup in twig_drupal_join_filter() since it is part of Twig and should not pollute the safe list
webchick’s picture

Status: Reviewed & tested by the community » Fixed

Committed and pushed to 8.0.x. Thanks!

  • webchick committed d10622a on 8.0.x
    Issue #2553969 by alexpott, dawehner, xjm: Use \Twig_Markup in...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.