class SafeMarkup

deprecated Will be removed before Drupal 9.0.0. Use the appropriate sanitization functions or the theme and render systems so that the output can be themed, escaped, and altered properly.

Contains deprecated functionality related to sanitization of markup.

Methods

static bool
isSafe(string|MarkupInterface $string, string $strategy = 'html') deprecated

Checks if a string is safe to output.

static HtmlEscapedText
checkPlain(string $text) deprecated

Encodes special characters in a plain-text string for display as HTML.

static string|MarkupInterface
format(string $string, array $args) deprecated

Formats a string for HTML display by replacing variable placeholders.

Details

static bool isSafe(string|MarkupInterface $string, string $strategy = 'html') deprecated

deprecated in drupal:8.0.0 and is removed from drupal:9.0.0. Instead, you should just check if a variable is an instance of \Drupal\Component\Render\MarkupInterface.

Checks if a string is safe to output.

Parameters

string|MarkupInterface $string

The content to be checked.

string $strategy

(optional) This value is ignored.

Return Value

bool

TRUE if the string has been marked secure, FALSE otherwise.

See also

https://www.drupal.org/node/2549395

static HtmlEscapedText checkPlain(string $text) deprecated

deprecated Will be removed before Drupal 9.0.0. Rely on Twig's auto-escaping feature, or use the #plain_text key when constructing a render array that contains plain text in order to use the renderer's auto-escaping feature. If neither of these is possible, \Drupal\Component\Utility\Html::escape() can be used in places where explicit escaping is needed.

Encodes special characters in a plain-text string for display as HTML.

Also validates strings as UTF-8. All processed strings are also automatically flagged as safe markup strings for rendering.

Parameters

string $text

The text to be checked or processed.

Return Value

HtmlEscapedText

An HtmlEscapedText object that escapes when rendered to string.

See also

https://www.drupal.org/node/2549395
drupal_validate_utf8()

static string|MarkupInterface format(string $string, array $args) deprecated

deprecated in drupal:8.0.0 and is removed from drupal:9.0.0. Use \Drupal\Component\Render\FormattableMarkup.

Formats a string for HTML display by replacing variable placeholders.

Parameters

string $string

A string containing placeholders. The string itself will not be escaped; any unsafe content must be in $args and inserted via placeholders.

array $args

An array with placeholder replacements, keyed by placeholder. See \Drupal\Component\Render\FormattableMarkup::placeholderFormat() for additional information about placeholders.

Return Value

string|MarkupInterface

The formatted string, which is an instance of MarkupInterface unless sanitization of an unsafe argument was suppressed (see above).

See also

FormattableMarkup::placeholderFormat
FormattableMarkup
https://www.drupal.org/node/2549395
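
Example (added here, not part of the Drupal API documentation): the replacements named in the three deprecation notices above, side by side, including the case where untrusted data is concatenated into the template string instead of being passed as a placeholder argument. It assumes the drupal/core-render and drupal/core-utility Composer components are installed; the variable names and input values are constructed for illustration.

```php
<?php
// Added example, not Drupal core code. Assumes the drupal/core-render and
// drupal/core-utility components are installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Drupal\Component\Render\FormattableMarkup;
use Drupal\Component\Render\MarkupInterface;
use Drupal\Component\Utility\Html;

// Constructed samples of untrusted input.
$name = '<script>alert("x")</script>';
$url = 'javascript:alert(1)';

// SafeMarkup::checkPlain($name) -> explicit escaping where auto-escaping
// is not available.
$escaped = Html::escape($name);

// Inside a render array, let the renderer escape instead.
$build = ['#plain_text' => $name];

// SafeMarkup::format() -> FormattableMarkup. The template string is trusted
// and is not escaped; untrusted values go in the arguments array only.
$good = new FormattableMarkup('Hello @name, <a href=":url">profile</a>', [
  '@name' => $name,  // HTML-escaped on output
  ':url' => $url,    // dangerous protocols stripped, then escaped
]);

// Anti-pattern kept for contrast: untrusted data concatenated into the
// template bypasses escaping entirely.
$bad = new FormattableMarkup('Hello ' . $name, []);

// SafeMarkup::isSafe($value) -> instanceof check. It reports only that the
// value was marked as markup, not that its content was built safely.
foreach (['escaped' => $escaped, 'good' => $good, 'bad' => $bad] as $label => $value) {
  printf("%-8s marked=%s  %s\n", $label,
    $value instanceof MarkupInterface ? 'yes' : 'no', (string) $value);
}
```

The `bad` value is an instance of MarkupInterface yet still carries the raw script tag, so the instanceof check is not a substitute for building markup through placeholders.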