#SafeMarkup

Open on Drupal.org →

⚡️ Live updates comments, jobs, and issues, tagged with #SafeMarkup will update issues and activities on this page.

Issues

🐛
XSS attribute filtering is inconsistent and strips valid attributes
Needs work
Drupal core 11.0 — base system
Created over 9 years ago
🇺🇸United States les lim
about 1 month ago
📌
Remove all usage of FormattableMarkup in tests apart from explicit tests of that API
Closed: duplicate
Drupal core 11.0 — phpunit
Created over 9 years ago
🇬🇧United Kingdom alexpott
about 2 months ago
🐛
Ensure no empty strings are fed to TranslatableMarkup
Postponed: needs info
Drupal core 11.0 — language system
Created about 9 years ago
🇧🇪Belgium mr.baileys
2 months ago
🐛
Markup appears by revision settings when translations turned on
Closed: outdated
Drupal core 11.0 — content_translation.module
Created over 9 years ago
🇺🇸United States davidhernandez
2 months ago
📌
Improve FormattableMarkup documentation
Fixed
Drupal core 11.0 — documentation
Created about 9 years ago
🇺🇸United States yesct
3 months ago
🐛
Ensure no placeholder-only strings are translated
Needs work
Drupal core 11.0 — language system
Created about 9 years ago
🇩🇪Germany cpj
3 months ago
🐛
\Drupal\Component\Render\FormattableMarkup::placeholderFormat() triggers fatal error
Closed: outdated
Drupal core 11.0 — render system
Created almost 9 years ago
🇺🇸United States kentr
4 months ago
🐛
Twilio hook to customise incoming message (hook_twilio_message_incoming) is not working in D9 and TwilioController has D9 compatibility issues
RTBC
Twilio 3.0
Created about 1 year ago
🇮🇳India arti.singh
4 months ago
🐛
Make it impossible to double escape with #plain_text
Needs work
Drupal core 11.0 — render system
Created about 9 years ago
🇬🇧United Kingdom alexpott
4 months ago
✨
Empty spaces in the headers cause issues
Closed: cannot reproduce
Migrate Google Sheets 2.0
Created 12 months ago
🇨🇴Colombia tesla863
6 months ago
📌
[no patch] Consolidate change records relating to safe markup and filtering/escaping to ensure cross references exist
Fixed
Drupal core 11.0 — documentation
Created over 9 years ago
🇦🇺Australia larowlan
8 months ago
📌
Refactor aggregator to use processed_text
Fixed
Aggregator 1.0
Created over 9 years ago
🇬🇧United Kingdom alexpott
about 1 year ago
🐛
Double escaping in views attachment titles
Needs work
Drupal core 10.1 — views.module
Created about 9 years ago
🇬🇧United Kingdom alexpott
over 1 year ago
🐛
Attribute class to check safe strings before escaping (has tests)
Closed: outdated
Drupal core 9.5 — theme system
Created over 9 years ago
🇨🇦Canada joelpittet
almost 2 years ago
📌
Replace !placeholder with @placeholder where needed in JavaScript
Needs review
Drupal core 10.1 — javascript
Created about 9 years ago
🇳🇱Netherlands sutharsan
almost 2 years ago
📌
Standardise on either @placeholder or :placeholder for non-attribute URLs in t()
Closed: outdated
Drupal core 9.5 — documentation
Created about 9 years ago
🇬🇧United Kingdom catch
over 1 year ago

Activities

No activities found.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024

#SafeMarkup

Issues

XSS attribute filtering is inconsistent and strips valid attributesNeeds workDrupal core 11.0 — base system Created over 9 years ago

Remove all usage of FormattableMarkup in tests apart from explicit tests of that APIClosed: duplicateDrupal core 11.0 — phpunit Created over 9 years ago

Ensure no empty strings are fed to TranslatableMarkupPostponed: needs infoDrupal core 11.0 — language system Created about 9 years ago

Markup appears by revision settings when translations turned onClosed: outdatedDrupal core 11.0 — content_translation.module Created over 9 years ago

Improve FormattableMarkup documentationFixedDrupal core 11.0 — documentation Created about 9 years ago

Ensure no placeholder-only strings are translatedNeeds workDrupal core 11.0 — language system Created about 9 years ago

\Drupal\Component\Render\FormattableMarkup::placeholderFormat() triggers fatal errorClosed: outdatedDrupal core 11.0 — render system Created almost 9 years ago

Twilio hook to customise incoming message (hook_twilio_message_incoming) is not working in D9 and TwilioController has D9 compatibility issuesRTBCTwilio 3.0 Created about 1 year ago

Make it impossible to double escape with #plain_textNeeds workDrupal core 11.0 — render system Created about 9 years ago

Empty spaces in the headers cause issuesClosed: cannot reproduceMigrate Google Sheets 2.0 Created 12 months ago

[no patch] Consolidate change records relating to safe markup and filtering/escaping to ensure cross references existFixedDrupal core 11.0 — documentation Created over 9 years ago

Refactor aggregator to use processed_textFixedAggregator 1.0 Created over 9 years ago

Double escaping in views attachment titlesNeeds workDrupal core 10.1 — views.module Created about 9 years ago

Attribute class to check safe strings before escaping (has tests)Closed: outdatedDrupal core 9.5 — theme system Created over 9 years ago

Replace !placeholder with @placeholder where needed in JavaScript Needs reviewDrupal core 10.1 — javascript Created about 9 years ago

Standardise on either @placeholder or :placeholder for non-attribute URLs in t()Closed: outdatedDrupal core 9.5 — documentation Created about 9 years ago

Activities

XSS attribute filtering is inconsistent and strips valid attributes
Needs work
Drupal core 11.0 — base system
Created over 9 years ago

Remove all usage of FormattableMarkup in tests apart from explicit tests of that API
Closed: duplicate
Drupal core 11.0 — phpunit
Created over 9 years ago

Ensure no empty strings are fed to TranslatableMarkup
Postponed: needs info
Drupal core 11.0 — language system
Created about 9 years ago

Markup appears by revision settings when translations turned on
Closed: outdated
Drupal core 11.0 — content_translation.module
Created over 9 years ago

Improve FormattableMarkup documentation
Fixed
Drupal core 11.0 — documentation
Created about 9 years ago

Ensure no placeholder-only strings are translated
Needs work
Drupal core 11.0 — language system
Created about 9 years ago

\Drupal\Component\Render\FormattableMarkup::placeholderFormat() triggers fatal error
Closed: outdated
Drupal core 11.0 — render system
Created almost 9 years ago

Twilio hook to customise incoming message (hook_twilio_message_incoming) is not working in D9 and TwilioController has D9 compatibility issues
RTBC
Twilio 3.0
Created about 1 year ago

Make it impossible to double escape with #plain_text
Needs work
Drupal core 11.0 — render system
Created about 9 years ago

Empty spaces in the headers cause issues
Closed: cannot reproduce
Migrate Google Sheets 2.0
Created 12 months ago

[no patch] Consolidate change records relating to safe markup and filtering/escaping to ensure cross references exist
Fixed
Drupal core 11.0 — documentation
Created over 9 years ago

Refactor aggregator to use processed_text
Fixed
Aggregator 1.0
Created over 9 years ago

Double escaping in views attachment titles
Needs work
Drupal core 10.1 — views.module
Created about 9 years ago

Attribute class to check safe strings before escaping (has tests)
Closed: outdated
Drupal core 9.5 — theme system
Created over 9 years ago

Replace !placeholder with @placeholder where needed in JavaScript
Needs review
Drupal core 10.1 — javascript
Created about 9 years ago

Standardise on either @placeholder or :placeholder for non-attribute URLs in t()
Closed: outdated
Drupal core 9.5 — documentation
Created about 9 years ago