#SafeMarkup

Open on Drupal.org →

⚡️ Live updates comments, jobs, and issues, tagged with #SafeMarkup will update issues and activities on this page.

Issues

📌
Review all usages of Xss::filter(), Xss::filterAdmin(), and Html::escape()
Needs work
Drupal core 11.0 — theme system
Created about 10 years ago
🇬🇧United Kingdom alexpott
28 days ago
🐛
{% trans %} (and other parts of templates) are unable to use URL escaping
Needs work
Drupal core 11.0 — theme system
Created almost 10 years ago
🇫🇮Finland lauriii
about 1 month ago
📌
Remove all usage of FormattableMarkup in tests apart from explicit tests of that API
Closed: duplicate
Drupal core 11.0 — phpunit
Created about 10 years ago
🇬🇧United Kingdom alexpott
about 1 month ago
📌
Follow up to #2555931: Fix comments
Postponed: needs info
Drupal core 11.0 — render system
Created almost 10 years ago
🇳🇱Netherlands stefan.r
about 1 month ago
📌
Refactor template_preprocess_file_widget_multiple() to use the twig template and not do so much early rendering
Postponed: needs info
Drupal core 11.0 — theme system
Created about 10 years ago
🇺🇸United States tedstein
about 1 month ago
📌
Rename SafeStringInterface to MarkupInterface and move related classes
Fixed
Drupal core 8.0 — base system
Created almost 10 years ago
🇬🇧United Kingdom alexpott
about 2 months ago
📌
Refactor theme_escape_and_render() and TwigExtension::escapeFilter() to share reused code
Postponed: needs info
Drupal core 11.0 — theme system
Created almost 10 years ago
🇺🇸United States xjm
about 2 months ago
📌
Add an EscapedStringInterface and use it in Attribute
Postponed: needs info
Drupal core 11.0 — base system
Created almost 10 years ago
🇬🇧United Kingdom alexpott
2 months ago
📌
Figure out whether we need a dedicated output strategy for select elements
Postponed: needs info
Drupal core 11.0 — base system
Created almost 10 years ago
🇮🇹Italy plach
2 months ago
📌
In Views, FieldPluginBase::renderAsLink() should return a render array, not a string
Postponed: needs info
Drupal core 11.0 — views.module
Created almost 10 years ago
🇺🇸United States pwolanin
3 months ago
🐛
XSS attribute filtering is inconsistent and strips valid attributes
Needs review
Drupal core 10.1 — base system
Created about 10 years ago
🇺🇸United States les lim
3 months ago
📌
Use inline_templates in TranslateEditForm::buildForm() and PluralString::getTranslationElement()
Postponed: needs info
Drupal core 11.0 — markup
Created about 10 years ago
maxocub
5 months ago
🐛
Ensure no empty strings are fed to TranslatableMarkup
Postponed: needs info
Drupal core 11.0 — language system
Created almost 10 years ago
🇧🇪Belgium mr.baileys
5 months ago
📌
Bring SafeMarkup::format()/t() docs up to date with the final state of the sanitization API
Closed: outdated
Drupal core 11.0 — base system
Created almost 10 years ago
🇬🇧United Kingdom catch
6 months ago
🐛
Make it impossible to double escape with #plain_text
Needs review
Drupal core 10.1 — render system
Created almost 10 years ago
🇬🇧United Kingdom alexpott
8 months ago
🐛
Markup appears by revision settings when translations turned on
Closed: outdated
Drupal core 11.0 — content_translation.module
Created about 10 years ago
🇺🇸United States davidhernandez
11 months ago
📌
Improve FormattableMarkup documentation
Fixed
Drupal core 11.0 — documentation
Created almost 10 years ago
🇺🇸United States yesct
11 months ago
🐛
Ensure no placeholder-only strings are translated
Needs work
Drupal core 11.0 — language system
Created almost 10 years ago
🇩🇪Germany cpj
12 months ago
🐛
\Drupal\Component\Render\FormattableMarkup::placeholderFormat() triggers fatal error
Closed: outdated
Drupal core 11.0 — render system
Created over 9 years ago
🇺🇸United States kentr
about 1 year ago
🐛
Twilio hook to customise incoming message (hook_twilio_message_incoming) is not working in D9 and TwilioController has D9 compatibility issues
RTBC
Twilio 3.0
Created over 1 year ago
🇮🇳India arti.singh
about 1 year ago
✨
Empty spaces in the headers cause issues
Closed: cannot reproduce
Migrate Google Sheets 2.0
Created over 1 year ago
🇨🇴Colombia tesla863
about 1 year ago
📌
[no patch] Consolidate change records relating to safe markup and filtering/escaping to ensure cross references exist
Fixed
Drupal core 11.0 — documentation
Created about 10 years ago
🇦🇺Australia larowlan
over 1 year ago
📌
Refactor aggregator to use processed_text
Fixed
Aggregator 1.0
Created almost 10 years ago
🇬🇧United Kingdom alexpott
almost 2 years ago
🐛
Double escaping in views attachment titles
Needs work
Drupal core 10.1 — views.module
Created almost 10 years ago
🇬🇧United Kingdom alexpott
about 2 years ago
🐛
Attribute class to check safe strings before escaping (has tests)
Closed: outdated
Drupal core 9.5 — theme system
Created about 10 years ago
🇨🇦Canada joelpittet
over 2 years ago
📌
Replace !placeholder with @placeholder where needed in JavaScript
Needs review
Drupal core 10.1 — javascript
Created almost 10 years ago
🇳🇱Netherlands sutharsan
over 2 years ago
📌
Standardise on either @placeholder or :placeholder for non-attribute URLs in t()
Closed: outdated
Drupal core 9.5 — documentation
Created almost 10 years ago
🇬🇧United Kingdom catch
over 2 years ago

Activities

No activities found.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024

#SafeMarkup

Issues

Review all usages of Xss::filter(), Xss::filterAdmin(), and Html::escape()Needs workDrupal core 11.0 — theme system Created about 10 years ago

{% trans %} (and other parts of templates) are unable to use URL escapingNeeds workDrupal core 11.0 — theme system Created almost 10 years ago

Remove all usage of FormattableMarkup in tests apart from explicit tests of that APIClosed: duplicateDrupal core 11.0 — phpunit Created about 10 years ago

Follow up to #2555931: Fix commentsPostponed: needs infoDrupal core 11.0 — render system Created almost 10 years ago

Refactor template_preprocess_file_widget_multiple() to use the twig template and not do so much early renderingPostponed: needs infoDrupal core 11.0 — theme system Created about 10 years ago

Rename SafeStringInterface to MarkupInterface and move related classesFixedDrupal core 8.0 — base system Created almost 10 years ago

Refactor theme_escape_and_render() and TwigExtension::escapeFilter() to share reused codePostponed: needs infoDrupal core 11.0 — theme system Created almost 10 years ago

Add an EscapedStringInterface and use it in AttributePostponed: needs infoDrupal core 11.0 — base system Created almost 10 years ago

Figure out whether we need a dedicated output strategy for select elementsPostponed: needs infoDrupal core 11.0 — base system Created almost 10 years ago

In Views, FieldPluginBase::renderAsLink() should return a render array, not a stringPostponed: needs infoDrupal core 11.0 — views.module Created almost 10 years ago

XSS attribute filtering is inconsistent and strips valid attributesNeeds reviewDrupal core 10.1 — base system Created about 10 years ago

Use inline_templates in TranslateEditForm::buildForm() and PluralString::getTranslationElement()Postponed: needs infoDrupal core 11.0 — markup Created about 10 years ago

Ensure no empty strings are fed to TranslatableMarkupPostponed: needs infoDrupal core 11.0 — language system Created almost 10 years ago

Bring SafeMarkup::format()/t() docs up to date with the final state of the sanitization APIClosed: outdatedDrupal core 11.0 — base system Created almost 10 years ago

Make it impossible to double escape with #plain_textNeeds reviewDrupal core 10.1 — render system Created almost 10 years ago

Markup appears by revision settings when translations turned onClosed: outdatedDrupal core 11.0 — content_translation.module Created about 10 years ago

Improve FormattableMarkup documentationFixedDrupal core 11.0 — documentation Created almost 10 years ago

Ensure no placeholder-only strings are translatedNeeds workDrupal core 11.0 — language system Created almost 10 years ago

\Drupal\Component\Render\FormattableMarkup::placeholderFormat() triggers fatal errorClosed: outdatedDrupal core 11.0 — render system Created over 9 years ago

Twilio hook to customise incoming message (hook_twilio_message_incoming) is not working in D9 and TwilioController has D9 compatibility issuesRTBCTwilio 3.0 Created over 1 year ago

Empty spaces in the headers cause issuesClosed: cannot reproduceMigrate Google Sheets 2.0 Created over 1 year ago

[no patch] Consolidate change records relating to safe markup and filtering/escaping to ensure cross references existFixedDrupal core 11.0 — documentation Created about 10 years ago

Refactor aggregator to use processed_textFixedAggregator 1.0 Created almost 10 years ago

Double escaping in views attachment titlesNeeds workDrupal core 10.1 — views.module Created almost 10 years ago

Attribute class to check safe strings before escaping (has tests)Closed: outdatedDrupal core 9.5 — theme system Created about 10 years ago

Replace !placeholder with @placeholder where needed in JavaScript Needs reviewDrupal core 10.1 — javascript Created almost 10 years ago

Standardise on either @placeholder or :placeholder for non-attribute URLs in t()Closed: outdatedDrupal core 9.5 — documentation Created almost 10 years ago

Activities

Review all usages of Xss::filter(), Xss::filterAdmin(), and Html::escape()
Needs work
Drupal core 11.0 — theme system
Created about 10 years ago

{% trans %} (and other parts of templates) are unable to use URL escaping
Needs work
Drupal core 11.0 — theme system
Created almost 10 years ago

Remove all usage of FormattableMarkup in tests apart from explicit tests of that API
Closed: duplicate
Drupal core 11.0 — phpunit
Created about 10 years ago

Follow up to #2555931: Fix comments
Postponed: needs info
Drupal core 11.0 — render system
Created almost 10 years ago

Refactor template_preprocess_file_widget_multiple() to use the twig template and not do so much early rendering
Postponed: needs info
Drupal core 11.0 — theme system
Created about 10 years ago

Rename SafeStringInterface to MarkupInterface and move related classes
Fixed
Drupal core 8.0 — base system
Created almost 10 years ago

Refactor theme_escape_and_render() and TwigExtension::escapeFilter() to share reused code
Postponed: needs info
Drupal core 11.0 — theme system
Created almost 10 years ago

Add an EscapedStringInterface and use it in Attribute
Postponed: needs info
Drupal core 11.0 — base system
Created almost 10 years ago

Figure out whether we need a dedicated output strategy for select elements
Postponed: needs info
Drupal core 11.0 — base system
Created almost 10 years ago

In Views, FieldPluginBase::renderAsLink() should return a render array, not a string
Postponed: needs info
Drupal core 11.0 — views.module
Created almost 10 years ago

XSS attribute filtering is inconsistent and strips valid attributes
Needs review
Drupal core 10.1 — base system
Created about 10 years ago

Use inline_templates in TranslateEditForm::buildForm() and PluralString::getTranslationElement()
Postponed: needs info
Drupal core 11.0 — markup
Created about 10 years ago

Ensure no empty strings are fed to TranslatableMarkup
Postponed: needs info
Drupal core 11.0 — language system
Created almost 10 years ago

Bring SafeMarkup::format()/t() docs up to date with the final state of the sanitization API
Closed: outdated
Drupal core 11.0 — base system
Created almost 10 years ago

Make it impossible to double escape with #plain_text
Needs review
Drupal core 10.1 — render system
Created almost 10 years ago

Markup appears by revision settings when translations turned on
Closed: outdated
Drupal core 11.0 — content_translation.module
Created about 10 years ago

Improve FormattableMarkup documentation
Fixed
Drupal core 11.0 — documentation
Created almost 10 years ago

Ensure no placeholder-only strings are translated
Needs work
Drupal core 11.0 — language system
Created almost 10 years ago

\Drupal\Component\Render\FormattableMarkup::placeholderFormat() triggers fatal error
Closed: outdated
Drupal core 11.0 — render system
Created over 9 years ago

Twilio hook to customise incoming message (hook_twilio_message_incoming) is not working in D9 and TwilioController has D9 compatibility issues
RTBC
Twilio 3.0
Created over 1 year ago

Empty spaces in the headers cause issues
Closed: cannot reproduce
Migrate Google Sheets 2.0
Created over 1 year ago

[no patch] Consolidate change records relating to safe markup and filtering/escaping to ensure cross references exist
Fixed
Drupal core 11.0 — documentation
Created about 10 years ago

Refactor aggregator to use processed_text
Fixed
Aggregator 1.0
Created almost 10 years ago

Double escaping in views attachment titles
Needs work
Drupal core 10.1 — views.module
Created almost 10 years ago

Attribute class to check safe strings before escaping (has tests)
Closed: outdated
Drupal core 9.5 — theme system
Created about 10 years ago

Replace !placeholder with @placeholder where needed in JavaScript
Needs review
Drupal core 10.1 — javascript
Created almost 10 years ago

Standardise on either @placeholder or :placeholder for non-attribute URLs in t()
Closed: outdated
Drupal core 9.5 — documentation
Created almost 10 years ago