Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
See this announcement: SafeMarkup::checkPlain()
is now deprecated and will be removed, so we should adapt our code before that. (I don't think we're using SafeMarkup::set()
anywhere, but we should of course check for that, too.)
Comment | File | Size | Author |
---|---|---|---|
#7 | 2562689-7--remove_deprecated_safe_markup_method_calls--interdiff.txt | 4.65 KB | drunken monkey |
#7 | 2562689-7--remove_deprecated_safe_markup_method_calls.patch | 17.85 KB | drunken monkey |
|
Comments
Comment #2
rashid_786 CreditAttribution: rashid_786 as a volunteer commentedFound
SafeMarkup::checkPlain()
in lots of files. As per recommendation we should replace it with Html::escape().Comment #3
rashid_786 CreditAttribution: rashid_786 as a volunteer commentedComment #5
joshi.rohit100use statement is missing.
Comment #6
rashid_786 CreditAttribution: rashid_786 as a volunteer commentedThanks @joshi.rohit100 for pointing. Patch updated with new changes.
Comment #7
drunken monkeyThanks a lot for working on this, looks quite good already!
A few things could be simplified, though, and there's one tricky part I saw:
This could now probably just use
#plain_text
.This seems to lead to double-escaping, since the information will be included in a table – or, would be included, since it seems we had the wrong method name. Weird no-one noticed before.
Anyways, seems the call can just be dropped.
This doesn't seem to work that way, or any other simple way – see #2563381: Hard to get page title and header both properly sanitized.
Revised patch attached, if no-one objects I'll commit it in a few days.
Comment #8
drunken monkeyCommitted.
Thanks again everyone!