Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
It was discussed in #329998: Remove all unescaped <> chars from t() strings in core (comments #8 and #9) and in #12201: Show table descriptions in PHPMyAdmin and other tools (comments #24 and #25) whether Schema API descriptions of tables and columns should be just plain text.
Currently they are HTML, but when they are used as SQL comments that show up in e.g. phpMyAdmin, they are converted to plain text. I personally think that allowing rich text in schema descriptions is probably a bit too flexible.
Comment | File | Size | Author |
---|---|---|---|
#7 | schema-html-2.patch | 7.34 KB | c960657 |
schema-html-1.patch | 5.17 KB | c960657 | |
Comments
Comment #1
Crell CreditAttribution: Crell commentedMakes sense to me. But what then do we do when trying to display such data in the admin? Do we just say "well, remember to check_plain() it"? It's the sort of text that one would expect to be safe, since it's not coming from an external source but a module developer, so it doesn't trigger my "don't trust it until you filter it" sensors. You wouldn't think to check_plain something in t() yourself, either.
Do we just document it and hope the few people who will actually access this data will read it? Do we provide an API? Something else? I guess I'm OK with documenting it and punting if the committers are, but it's important to ask the question.
Comment #2
Dries CreditAttribution: Dries commentedI'd just document it. I'm in support of this patch.
Comment #3
Crell CreditAttribution: Crell commented@OP, can you reroll with appropriate documentation, er, somewhere? :-)
Comment #4
c960657 CreditAttribution: c960657 commentedThe description of hook_schema() in modules/system/system.api.php doesn't go into great detail about the schema definition but instead refers http://drupal.org/node/146939. I suggest adding the following to the explanation of table and field descriptions on that page: “The description is treated as non-markup plain text.”
Comment #5
c960657 CreditAttribution: c960657 commented@Crell, is adding the documentation to the handbook sufficient, or would you like to have it in CVS?
Comment #6
Crell CreditAttribution: Crell commentedI'd put it in a docblock in the code, and then if we later get better handbook documentation for schema API we include it there as well.
Comment #7
c960657 CreditAttribution: c960657 commentedDone.
Comment #9
c960657 CreditAttribution: c960657 commentedComment #10
webchickNice one! Committed to HEAD.
Comment #11
c960657 CreditAttribution: c960657 commentedI added a mention of this in the upgrade docs:
http://drupal.org/update/modules/6/7#schema_html