Sanitization functions in Drupal 8
Same name and namespace in other branches
- 7 includes/common.inc \sanitization
Functions to sanitize values.
See https://www.drupal.org/writing-secure-code for information on writing secure code.
File
- core/includes/common.inc, line 190 - Common functions that many Drupal modules will need to reference.
Functions
Name | Location | Description |
---|---|---|
check_markup | core/ | Runs all the enabled filters on a piece of text. |
check_url (deprecated) | core/ | Strips dangerous protocols from a URI and encodes it for output to HTML. |
FormattableMarkup:: | core/ | Replaces placeholders in a string with values. |
format_string (deprecated) | core/ | Formats a string for HTML display by replacing variable placeholders. |
Html:: | core/ | Escapes text by converting special characters to HTML entities. |
ProcessedText:: | core/ | Pre-render callback: Renders a processed text element into #markup. |
StringTranslationTrait:: | core/ | Translates a string to the current language or to a given language. |
t | core/ | Translates a string to the current language or to a given language. |
TranslatableMarkup:: | core/ | Constructs a new class instance. |
TranslationInterface:: | core/ | Translates a string to the current language or to a given language. |
Xss:: | core/ | Filters HTML to prevent cross-site-scripting (XSS) vulnerabilities. |
Xss:: | core/ | Applies a very permissive XSS/HTML filter for admin-only use. |
Classes
Name | Location | Description |
---|---|---|
FormattableMarkup | core/ | Formats a string for HTML display by replacing variable placeholders. |
HtmlEscapedText | core/ | Escapes HTML syntax characters to HTML entities for display in markup. |