Mercurial > hg > isophonics-drupal-site

comparison core/lib/Drupal/Component/Utility/SafeMarkup.php @ 0:4c8ae668cc8c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Initial import (non-working)
author Chris Cannam
date Wed, 29 Nov 2017 16:09:58 +0000
parents
children 129ea1e6d783
comparison
equal deleted inserted replaced
-1:000000000000 0:4c8ae668cc8c
1 <?php
2
3 namespace Drupal\Component\Utility;
4
5 use Drupal\Component\Render\HtmlEscapedText;
6 use Drupal\Component\Render\FormattableMarkup;
7 use Drupal\Component\Render\MarkupInterface;
8
9 /**
10 * Contains deprecated functionality related to sanitization of markup.
11 *
12 * @deprecated Will be removed before Drupal 9.0.0. Use the appropriate
13 * @link sanitization sanitization functions @endlink or the @link theme_render theme and render systems @endlink
14 * so that the output can can be themed, escaped, and altered properly.
15 *
16 * @see https://www.drupal.org/node/2549395
17 *
18 * @see TwigExtension::escapeFilter()
19 * @see twig_render_template()
20 * @see sanitization
21 * @see theme_render
22 */
23 class SafeMarkup {
24
25 /**
26 * Checks if a string is safe to output.
27 *
28 * @param string|\Drupal\Component\Render\MarkupInterface $string
29 * The content to be checked.
30 * @param string $strategy
31 * (optional) This value is ignored.
32 *
33 * @return bool
34 * TRUE if the string has been marked secure, FALSE otherwise.
35 *
36 * @deprecated in Drupal 8.0.x-dev, will be removed before Drupal 9.0.0.
37 * Instead, you should just check if a variable is an instance of
38 * \Drupal\Component\Render\MarkupInterface.
39 *
40 * @see https://www.drupal.org/node/2549395
41 */
42 public static function isSafe($string, $strategy = 'html') {
43 return $string instanceof MarkupInterface;
44 }
45
46 /**
47 * Encodes special characters in a plain-text string for display as HTML.
48 *
49 * Also validates strings as UTF-8. All processed strings are also
50 * automatically flagged as safe markup strings for rendering.
51 *
52 * @param string $text
53 * The text to be checked or processed.
54 *
55 * @return \Drupal\Component\Render\HtmlEscapedText
56 * An HtmlEscapedText object that escapes when rendered to string.
57 *
58 * @deprecated Will be removed before Drupal 9.0.0. Rely on Twig's
59 * auto-escaping feature, or use the @link theme_render #plain_text @endlink
60 * key when constructing a render array that contains plain text in order to
61 * use the renderer's auto-escaping feature. If neither of these are
62 * possible, \Drupal\Component\Utility\Html::escape() can be used in places
63 * where explicit escaping is needed.
64 *
65 * @see https://www.drupal.org/node/2549395
66 * @see drupal_validate_utf8()
67 */
68 public static function checkPlain($text) {
69 return new HtmlEscapedText($text);
70 }
71
72 /**
73 * Formats a string for HTML display by replacing variable placeholders.
74 *
75 * @param string $string
76 * A string containing placeholders. The string itself will not be escaped,
77 * any unsafe content must be in $args and inserted via placeholders.
78 * @param array $args
79 * An array with placeholder replacements, keyed by placeholder. See
80 * \Drupal\Component\Render\FormattableMarkup::placeholderFormat() for
81 * additional information about placeholders.
82 *
83 * @return string|\Drupal\Component\Render\MarkupInterface
84 * The formatted string, which is an instance of MarkupInterface unless
85 * sanitization of an unsafe argument was suppressed (see above).
86 *
87 * @see \Drupal\Component\Render\FormattableMarkup::placeholderFormat()
88 * @see \Drupal\Component\Render\FormattableMarkup
89 *
90 * @deprecated in Drupal 8.0.0, will be removed before Drupal 9.0.0.
91 * Use \Drupal\Component\Render\FormattableMarkup.
92 *
93 * @see https://www.drupal.org/node/2549395
94 */
95 public static function format($string, array $args) {
96 return new FormattableMarkup($string, $args);
97 }
98
99 }