3 namespace Drupal\Component\Utility;
5 use Drupal\Component\Render\HtmlEscapedText;
6 use Drupal\Component\Render\FormattableMarkup;
7 use Drupal\Component\Render\MarkupInterface;
10 * Contains deprecated functionality related to sanitization of markup.
12 * @deprecated Will be removed before Drupal 9.0.0. Use the appropriate
13 * @link sanitization sanitization functions @endlink or the @link theme_render theme and render systems @endlink
14 * so that the output can be themed, escaped, and altered properly.
16 * @see TwigExtension::escapeFilter()
17 * @see twig_render_template()
24 * Checks if a string is safe to output.
26 * @param string|\Drupal\Component\Render\MarkupInterface $string
27 * The content to be checked.
28 * @param string $strategy
29 * (optional) This value is ignored.
32 * TRUE if $string is an object marked as safe markup (an instance of MarkupInterface), FALSE otherwise. The content itself is not examined.
34 * @deprecated in Drupal 8.0.x-dev, will be removed before Drupal 9.0.0.
35 * Instead, you should just check if a variable is an instance of
36 * \Drupal\Component\Render\MarkupInterface.
public static function isSafe($string, $strategy = 'html') {
  // This is a type check only. The content of $string is never inspected, so
  // a TRUE result means the value arrived wrapped in a MarkupInterface
  // object, not that any markup was validated here. A plain PHP string is
  // always reported as not safe. $strategy is not read by this method.
  $is_markup_object = ($string instanceof MarkupInterface);
  return $is_markup_object;
}
43 * Encodes special characters in a plain-text string for display as HTML.
45 * Also validates strings as UTF-8. All processed strings are also
46 * automatically flagged as safe markup strings for rendering.
49 * The text to be checked or processed.
51 * @return \Drupal\Component\Render\HtmlEscapedText
52 * An HtmlEscapedText object that escapes when rendered to string.
54 * @deprecated Will be removed before Drupal 9.0.0. Rely on Twig's
55 * auto-escaping feature, or use the @link theme_render #plain_text @endlink
56 * key when constructing a render array that contains plain text in order to
57 * use the renderer's auto-escaping feature. If neither of these is
58 * possible, \Drupal\Component\Utility\Html::escape() can be used in places
59 * where explicit escaping is needed.
61 * @see drupal_validate_utf8()
public static function checkPlain($text) {
  // This method only wraps $text. Per the @return documentation, the
  // HtmlEscapedText object applies escaping when it is rendered to a string,
  // so callers must output the returned object, never the original $text.
  // The escaping is for HTML display; it does not replace the encoding
  // needed when a value is placed in a URL or a script context.
  $escaped_on_render = new HtmlEscapedText($text);
  return $escaped_on_render;
}
68 * Formats a string for HTML display by replacing variable placeholders.
70 * @param string $string
71 * A string containing placeholders. The string itself will not be escaped;
72 * any unsafe content must be passed in $args and inserted via placeholders.
74 * An array with placeholder replacements, keyed by placeholder. See
75 * \Drupal\Component\Render\FormattableMarkup::placeholderFormat() for
76 * additional information about placeholders.
78 * @return string|\Drupal\Component\Render\MarkupInterface
79 * The formatted string, which is an instance of MarkupInterface unless
80 * sanitization of an unsafe argument was suppressed (see above).
82 * @see \Drupal\Component\Render\FormattableMarkup::placeholderFormat()
83 * @see \Drupal\Component\Render\FormattableMarkup
85 * @deprecated in Drupal 8.0.0, will be removed before Drupal 9.0.0.
86 * Use \Drupal\Component\Render\FormattableMarkup.
public static function format($string, array $args) {
  // $string is passed to FormattableMarkup as the template and, per the
  // @param documentation, is not escaped, so it must be a trusted literal
  // and never text assembled from user input. Untrusted values belong in
  // $args, where they are inserted through placeholders. This method always
  // returns the FormattableMarkup object it constructs.
  $markup = new FormattableMarkup($string, $args);
  return $markup;
}