diff core/lib/Drupal/Core/Render/theme.api.php @ 16:c2387f117808

Routine composer update
author Chris Cannam
date Tue, 10 Jul 2018 15:07:59 +0100
parents 7a779792577d
children af1871eacc83
--- a/core/lib/Drupal/Core/Render/theme.api.php	Thu Apr 26 11:26:54 2018 +0100
+++ b/core/lib/Drupal/Core/Render/theme.api.php	Tue Jul 10 15:07:59 2018 +0100
@@ -765,6 +765,12 @@
 /**
  * Render a template using the theme engine.
  *
+ * It is the theme engine's responsibility to escape variables. The only
+ * exception is if a variable implements
+ * \Drupal\Component\Render\MarkupInterface. Drupal is inherently unsafe if
+ * other variables are not escaped. The helper function
+ * theme_render_and_autoescape() may be used for this.
+ *
  * @param string $template_file
  *   The path (relative to the Drupal root directory) to the template to be
  *   rendered including its extension in the format 'path/to/TEMPLATE_NAME.EXT'.
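Review bot: The added paragraph says Drupal is "inherently unsafe" when variables are not escaped, but it neither names the risk nor explains why `\Drupal\Component\Render\MarkupInterface` objects are exempt, and a theme-engine author needs both to apply the rule correctly. I would make the sentence concrete, for example `Any variable that does not implement MarkupInterface must be HTML-escaped before output; otherwise untrusted values can reach the page as markup (cross-site scripting).` It would also help to add one sentence saying that MarkupInterface objects are presumed to hold markup already made safe, so an engine should output them as-is and should not wrap unescaped input in such an object to skip escaping. The docblock continues past the end of the hunk, so the function it documents is not visible here.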