Attribute class to check safe strings before escaping (has tests)

Created on 12 July 2015, about 9 years ago
Updated 16 February 2023, over 1 year ago

Follow-up to #2506133: Replace SafeMarkup::set() in \Drupal\Core\Template\Attribute

Problem/Motivation

#2506133: Replace SafeMarkup::set() in \Drupal\Core\Template\Attribute has overlooked a fairly common use case, which now gets double escaped when translated titles are used as attributes.

Translated attribute values.

Example in core: feed_icon

$variables['attributes']['title'] = t('Message: @escaped', ['@escaped' => '<>']);

This will escape it once in t(), if not marked safe, once in attributes, then once more in Twig because the string changed in attributes.

If we mark it safe it still gets escaped at least twice...

Proposed resolution

Avoid htmlspecialchars() escaping in attribute if it's marked safe?

Remaining tasks

Review & commit

User interface changes

None

API changes

N/A
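
The double escaping described in the problem statement, next to the safe-string check from the proposed resolution, as an added stand-alone PHP model (not Drupal core code and not from the issue's author). SafeString, translate(), escape() and the two renderAttribute functions are hypothetical stand-ins for SafeMarkup, t() and Attribute, and the Twig pass is not modelled.

```php
<?php
// Stand-alone model of the escaping chain from the issue; these are NOT Drupal's classes.
// SafeString, translate(), escape() and renderAttribute*() are hypothetical names.

// Marker wrapper: "this string has already been HTML-escaped".
final class SafeString {
    public function __construct(private string $value) {}
    public function __toString(): string { return $this->value; }
}

function escape(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Models t(): @placeholder values are escaped on substitution,
// and the resulting string is marked safe.
function translate(string $template, array $args): SafeString {
    $escaped = array_map('escape', $args); // string keys are preserved
    return new SafeString(strtr($template, $escaped));
}

// Behaviour the issue reports: the attribute value is always escaped,
// so an already-escaped translation is escaped a second time.
function renderAttributeAlways(string $name, string|SafeString $value): string {
    return sprintf('%s="%s"', $name, escape((string) $value));
}

// Proposed behaviour: skip htmlspecialchars() only when the value carries
// the safe marker; plain strings are still escaped.
function renderAttributeChecked(string $name, string|SafeString $value): string {
    $out = $value instanceof SafeString ? (string) $value : escape($value);
    return sprintf('%s="%s"', $name, $out);
}

// Same call as the feed_icon example in the issue.
$title = translate('Message: @escaped', ['@escaped' => '<>']);

echo renderAttributeAlways('title', $title), PHP_EOL;   // double-escaped entities
echo renderAttributeChecked('title', $title), PHP_EOL;  // escaped exactly once

// Constructed sample: an unmarked string must still be escaped by the checked path.
echo renderAttributeChecked('title', 'a "quoted" <b> value'), PHP_EOL;
```

The check is only as trustworthy as the code that sets the marker: anything that wraps unescaped input in the safe type bypasses attribute escaping entirely.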

🐛 Bug report
Status

Closed: outdated

Version

9.5

Component
Theme 

Last updated about 5 hours ago

Created by

🇨🇦Canada joelpittet Vancouver

