Update to Drupal 8.0.0-beta15. For more information, see: https://www.drupal.org/node/2563023
parent
2720a9ec4b
commit
f3791f1da3
1898 changed files with 54300 additions and 11481 deletions
|
@ -338,14 +338,59 @@ EOD;
|
|||
* "<", not "<"). Be careful when using this function, as it will revert
|
||||
* previous sanitization efforts (<script> will become <script>).
|
||||
*
|
||||
* This method is not the opposite of Html::escape(). For example, this method
|
||||
* will convert "é" to "é", whereas Html::escape() will not convert "é"
|
||||
* to "é".
|
||||
*
|
||||
* @param string $text
|
||||
* The text to decode entities in.
|
||||
*
|
||||
* @return string
|
||||
* The input $text, with all HTML entities decoded once.
|
||||
*
|
||||
* @see html_entity_decode()
|
||||
* @see \Drupal\Component\Utility\Html::escape()
|
||||
*/
|
||||
public static function decodeEntities($text) {
|
||||
return html_entity_decode($text, ENT_QUOTES, 'UTF-8');
|
||||
}
|
||||
|
||||
/**
|
||||
* Escapes text by converting special characters to HTML entities.
|
||||
*
|
||||
* This method escapes HTML for sanitization purposes by replacing the
|
||||
* following special characters with their HTML entity equivalents:
|
||||
* - & (ampersand) becomes &
|
||||
* - " (double quote) becomes "
|
||||
* - ' (single quote) becomes '
|
||||
* - < (less than) becomes <
|
||||
* - > (greater than) becomes >
|
||||
* Special characters that have already been escaped will be double-escaped
|
||||
* (for example, "<" becomes "&lt;"), and invalid UTF-8 encoding
|
||||
* will be converted to the Unicode replacement character ("<EFBFBD>").
|
||||
*
|
||||
* This method is not the opposite of Html::decodeEntities(). For example,
|
||||
* this method will not encode "é" to "é", whereas
|
||||
* Html::decodeEntities() will convert all HTML entities to UTF-8 bytes,
|
||||
* including "é" and "<" to "é" and "<".
|
||||
*
|
||||
* When constructing @link theme_render render arrays @endlink passing the output of Html::escape() to
|
||||
* '#markup' is not recommended. Use the '#plain_text' key instead and the
|
||||
* renderer will autoescape the text.
|
||||
*
|
||||
* @param string $text
|
||||
* The input text.
|
||||
*
|
||||
* @return string
|
||||
* The text with all HTML special characters converted.
|
||||
*
|
||||
* @see htmlspecialchars()
|
||||
* @see \Drupal\Component\Utility\Html::decodeEntities()
|
||||
*
|
||||
* @ingroup sanitization
|
||||
*/
|
||||
public static function escape($text) {
|
||||
return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
|
||||
}
|
||||
|
||||
}
|
||||
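Review bot: The docblock for `escape()` says it escapes "for sanitization purposes" but never names the output context the result is safe in, and with `@ingroup sanitization` on it callers may read it as a general-purpose sanitizer. `htmlspecialchars()` with `ENT_QUOTES` covers HTML element content and quoted attribute values only; it does not make a string safe in an unquoted attribute, a URL-valued attribute, or inside script or style content. I would add a sentence before the `@param`, for example `* The result is only safe as HTML text or inside a quoted attribute value; it is not sufficient for URLs, unquoted attributes, JavaScript or CSS.` The entity examples in both docblocks read the same on each side as displayed here, which looks like the page decoded them, so the wording should be checked against the file itself. The `decodeEntities()` docblock begins above this hunk.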