Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Follow-up to #2280965: [meta] Remove every SafeMarkup::set() call
Problem/Motivation
SafeMarkup::set() is mostly for internal use only. For the most part, existing APIs like t()
, String::checkPlain()
, XSS::filter()
, drupal_render()
, etc. should be marking the things they sanitize, and markup in general should be moved into templates wherever possible so the themer has control of it.
Proposed resolution
Use \Twig_Markup in twig_drupal_join_filter since it is part of Twig and should not pollute the safe list
Comment | File | Size | Author |
---|---|---|---|
#4 | 2553969.4.patch | 870 bytes | alexpott |
#2 | 2553969.2.patch | 869 bytes | alexpott |
Comments
Comment #2
alexpottComment #3
dawehnerNice!
Comment #4
alexpottTiny fix... missing leading slash.
Comment #5
dawehnerAh, I'm confused that twig is actually running old school classnames.
Comment #6
xjmComment #7
webchickCommitted and pushed to 8.0.x. Thanks!