Sanitization functions in Drupal 8

Same name and namespace in other branches
  1. 7 includes/common.inc \sanitization

Functions to sanitize values.

See https://www.drupal.org/writing-secure-code for information on writing secure code.

File

core/includes/common.inc, line 190
Common functions that many Drupal modules will need to reference.

Functions

| Name | Location | Description |
| --- | --- | --- |
| check_markup | core/modules/filter/filter.module | Runs all the enabled filters on a piece of text. |
| check_url (Deprecated) | core/includes/common.inc | Strips dangerous protocols from a URI and encodes it for output to HTML. |
| FormattableMarkup::placeholderFormat | core/lib/Drupal/Component/Render/FormattableMarkup.php | Replaces placeholders in a string with values. |
| format_string (Deprecated) | core/includes/bootstrap.inc | Formats a string for HTML display by replacing variable placeholders. |
| Html::escape | core/lib/Drupal/Component/Utility/Html.php | Escapes text by converting special characters to HTML entities. |
| ProcessedText::preRenderText | core/modules/filter/src/Element/ProcessedText.php | Pre-render callback: Renders a processed text element into #markup. |
| StringTranslationTrait::t | core/lib/Drupal/Core/StringTranslation/StringTranslationTrait.php | Translates a string to the current language or to a given language. |
| t | core/includes/bootstrap.inc | Translates a string to the current language or to a given language. |
| TranslatableMarkup::__construct | core/lib/Drupal/Core/StringTranslation/TranslatableMarkup.php | Constructs a new class instance. |
| TranslationInterface::translate | core/lib/Drupal/Core/StringTranslation/TranslationInterface.php | Translates a string to the current language or to a given language. |
| Xss::filter | core/lib/Drupal/Component/Utility/Xss.php | Filters HTML to prevent cross-site-scripting (XSS) vulnerabilities. |
| Xss::filterAdmin | core/lib/Drupal/Component/Utility/Xss.php | Applies a very permissive XSS/HTML filter for admin-only use. |

Classes

| Name | Location | Description |
| --- | --- | --- |
| FormattableMarkup | core/lib/Drupal/Component/Render/FormattableMarkup.php | Formats a string for HTML display by replacing variable placeholders. |
| HtmlEscapedText | core/lib/Drupal/Component/Render/HtmlEscapedText.php | Escapes HTML syntax characters to HTML entities for display in markup. |