Part of #2545972: Remove all code usages SafeMarkup::checkPlain() and rely more on Twig autoescaping
Problem/Motivation
SafeMarkup::checkPlain() marks strings as safe - there are many usages where this is irrelevant because Twig will auto-escape it for us.
Proposed resolution
Remove unnecessary calls and let Twig auto-escape do its thing. Add test coverage if necessary. Also clean up checkPlain attributes properties because these are all escaped by default and in fact all of these are double escaping bugs.
Remaining tasks
- Add or find test coverage
- Review
- Commit
User interface changes
None
API changes
None
Data model changes
None
Comment | File | Size | Author |
---|---|---|---|
#6 | 2557871.6.patch | 18.35 KB | alexpott |
#6 | 2557871.6.test-only.patch | 2.13 KB | alexpott |
#2 | 2557871.2.patch | 16.22 KB | alexpott |
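
The double escaping described in the proposed resolution, as an added example that is not code from the patch or from Drupal core. `check_plain_standin()` and `render_attributes()` are hypothetical stand-ins, built on PHP's `htmlspecialchars()`, for the caller-side `SafeMarkup::checkPlain()` call and for a render layer that escapes attribute values by default; the sample title is constructed.

```php
<?php
// Stand-in for the escaping SafeMarkup::checkPlain() performed (assumption:
// plain htmlspecialchars(); the real method also marked the result as safe).
function check_plain_standin(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Stand-in for a render layer that escapes every attribute value by default.
function render_attributes(array $attributes): string {
    $out = '';
    foreach ($attributes as $name => $value) {
        $out .= sprintf(' %s="%s"', $name,
            htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'));
    }
    return $out;
}

// Flags entities whose leading "&" was itself escaped, e.g. "&amp;quot;".
// Only meaningful when the raw input is known not to contain entity text.
function has_double_escape(string $html): bool {
    return preg_match('/&amp;(?:amp|lt|gt|quot|apos|#\d+|#x[0-9a-f]+);/i', $html) === 1;
}

// Constructed sample value containing characters that must be escaped.
$title = 'Tom & "Jerry" <b>';

// Before: the caller escapes, then the render layer escapes again.
$before = '<a' . render_attributes(['title' => check_plain_standin($title)]) . '>';
// After: the caller passes the raw value and the render layer escapes it once.
$after = '<a' . render_attributes(['title' => $title]) . '>';

foreach (['before' => $before, 'after' => $after] as $label => $html) {
    // Decoding once models what a browser does when it parses the attribute.
    preg_match('/title="([^"]*)"/', $html, $m);
    $seen = htmlspecialchars_decode($m[1], ENT_QUOTES);
    printf("%-6s %s\n       browser sees: %s\n       round-trips: %s, double escaped: %s\n",
        $label, $html, $seen,
        var_export($seen === $title, true),
        var_export(has_double_escape($html), true));
}
```

The "after" form is the one that stays safe: the single escape remains in the render layer, so removing the caller-side call does not leave the value unescaped.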
Comments
Comment #2
alexpott
Comment #3
Wim Leers
Comment #4
joelpittet
RTBC++
Comment #5
alexpott
I'm going to add some tests for at least the attributes changes since I suspect that these would have caused double escaping bugs in HEAD.
Comment #6
alexpott
Added tests for the attributes changes where possible - and proved we have double escaping bugs in HEAD.
This is not actually testable - user names can not have a character that is escaped in them. See UserNameConstraintValidator.
The test only patch is the interdiff :)
Comment #8
Wim Leers
Even better!
Comment #9
catch
Committed/pushed to 8.0.x, thanks!