Functions to sanitize values.
See https://www.drupal.org/writing-secure-code for information on writing secure code.
| Name | Location | Description |
|---|---|---|
| check_markup | core/modules/filter/filter.module | Runs all the enabled filters on a piece of text. |
| check_url Deprecated | core/includes/common.inc | Strips dangerous protocols from a URI and encodes it for output to HTML. |
| FormattableMarkup::placeholderFormat | core/lib/Drupal/Component/Render/FormattableMarkup.php | Replaces placeholders in a string with values. |
| format_string Deprecated | core/includes/bootstrap.inc | Formats a string for HTML display by replacing variable placeholders. |
| Html::escape | core/lib/Drupal/Component/Utility/Html.php | Escapes text by converting special characters to HTML entities. |
| ProcessedText::preRenderText | core/modules/filter/src/Element/ProcessedText.php | Pre-render callback: Renders a processed text element into #markup. |
| StringTranslationTrait::t | core/lib/Drupal/Core/StringTranslation/StringTranslationTrait.php | Translates a string to the current language or to a given language. |
| t | core/includes/bootstrap.inc | Translates a string to the current language or to a given language. |
| TranslatableMarkup::__construct | core/lib/Drupal/Core/StringTranslation/TranslatableMarkup.php | Constructs a new class instance. |
| TranslationInterface::translate | core/lib/Drupal/Core/StringTranslation/TranslationInterface.php | Translates a string to the current language or to a given language. |
| Xss::filter | core/lib/Drupal/Component/Utility/Xss.php | Filters HTML to prevent cross-site-scripting (XSS) vulnerabilities. |
| Xss::filterAdmin | core/lib/Drupal/Component/Utility/Xss.php | Applies a very permissive XSS/HTML filter for admin-only use. |
| Name | Location | Description |
|---|---|---|
| FormattableMarkup | core/lib/Drupal/Component/Render/FormattableMarkup.php | Formats a string for HTML display by replacing variable placeholders. |
| HtmlEscapedText | core/lib/Drupal/Component/Render/HtmlEscapedText.php | Escapes HTML syntax characters to HTML entities for display in markup. |
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/core!includes!common.inc/group/sanitization/8.1.x