本文整理汇总了PHP中Drupal\Component\Utility\SafeMarkup::isSafe方法的典型用法代码示例。如果您正苦于以下问题:PHP SafeMarkup::isSafe方法的具体用法?PHP SafeMarkup::isSafe怎么用?PHP SafeMarkup::isSafe使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Drupal\Component\Utility\SafeMarkup
的用法示例。
在下文中一共展示了SafeMarkup::isSafe方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: testRenderCacheProperties
/**
* Tests that #cache_properties are properly handled.
*
* @param array $expected_results
* An associative array of expected results keyed by property name.
*
* @covers ::render
* @covers ::doRender
* @covers \Drupal\Core\Render\RenderCache::get
* @covers \Drupal\Core\Render\RenderCache::set
* @covers \Drupal\Core\Render\RenderCache::createCacheID
* @covers \Drupal\Core\Render\RenderCache::getCacheableRenderArray
*
* @dataProvider providerTestRenderCacheProperties
*/
public function testRenderCacheProperties(array $expected_results) {
$this->setUpRequest();
$this->setupMemoryCache();
$element = $original = [
'#cache' => [
'keys' => ['render_cache_test'],
],
// Collect expected property names.
'#cache_properties' => array_keys(array_filter($expected_results)),
'child1' => ['#markup' => Markup::create('1')],
'child2' => ['#markup' => Markup::create('2')],
// Mark the value as safe.
'#custom_property' => Markup::create('custom_value'),
'#custom_property_array' => ['custom value'],
];
$this->renderer->renderRoot($element);
$cache = $this->cacheFactory->get('render');
$data = $cache->get('render_cache_test:en:stark')->data;
// Check that parent markup is ignored when caching children's markup.
$this->assertEquals($data['#markup'] === '', (bool) Element::children($data));
// Check that the element properties are cached as specified.
foreach ($expected_results as $property => $expected) {
$cached = !empty($data[$property]);
$this->assertEquals($cached, (bool) $expected);
// Check that only the #markup key is preserved for children.
if ($cached) {
$this->assertEquals($data[$property], $original[$property]);
}
}
// #custom_property_array can not be a safe_cache_property.
$safe_cache_properties = array_diff(Element::properties(array_filter($expected_results)), ['#custom_property_array']);
foreach ($safe_cache_properties as $cache_property) {
$this->assertTrue(SafeMarkup::isSafe($data[$cache_property]), "$cache_property is marked as a safe string");
}
}
示例2: testRediscover
/**
* Tests the rediscovering.
*/
public function testRediscover()
{
\Drupal::state()->set('menu_link_content_dynamic_route.routes', ['route_name_1' => new Route('/example-path')]);
\Drupal::service('router.builder')->rebuild();
// Set up a custom menu link pointing to a specific path.
MenuLinkContent::create(['title' => '<script>alert("Welcome to the discovered jungle!")</script>', 'link' => [['uri' => 'internal:/example-path']], 'menu_name' => 'tools'])->save();
$menu_tree = \Drupal::menuTree()->load('tools', new MenuTreeParameters());
$this->assertEqual(1, count($menu_tree));
/** @var \Drupal\Core\Menu\MenuLinkTreeElement $tree_element */
$tree_element = reset($menu_tree);
$this->assertEqual('route_name_1', $tree_element->link->getRouteName());
// Change the underlying route and trigger the rediscovering.
\Drupal::state()->set('menu_link_content_dynamic_route.routes', ['route_name_2' => new Route('/example-path')]);
\Drupal::service('router.builder')->rebuild();
// Ensure that the new route name / parameters are captured by the tree.
$menu_tree = \Drupal::menuTree()->load('tools', new MenuTreeParameters());
$this->assertEqual(1, count($menu_tree));
/** @var \Drupal\Core\Menu\MenuLinkTreeElement $tree_element */
$tree_element = reset($menu_tree);
$this->assertEqual('route_name_2', $tree_element->link->getRouteName());
$title = $tree_element->link->getTitle();
$this->assertFalse($title instanceof TranslationWrapper);
$this->assertIdentical('<script>alert("Welcome to the discovered jungle!")</script>', $title);
$this->assertFalse(SafeMarkup::isSafe($title));
}
示例3: testBuildRowEntityList
/**
* Tests the listing of displays on a views list builder.
*
* @see \Drupal\views_ui\ViewListBuilder::getDisplaysList()
* @covers ::buildRow
*/
public function testBuildRowEntityList()
{
$storage = $this->getMockBuilder('Drupal\\Core\\Config\\Entity\\ConfigEntityStorage')->disableOriginalConstructor()->getMock();
$display_manager = $this->getMockBuilder('\\Drupal\\views\\Plugin\\ViewsPluginManager')->disableOriginalConstructor()->getMock();
$display_manager->expects($this->any())->method('getDefinition')->will($this->returnValueMap(array(array('default', TRUE, array('id' => 'default', 'title' => 'Master', 'theme' => 'views_view', 'no_ui' => TRUE, 'admin' => '')), array('page', TRUE, array('id' => 'page', 'title' => 'Page', 'uses_menu_links' => TRUE, 'uses_route' => TRUE, 'contextual_links_locations' => array('page'), 'theme' => 'views_view', 'admin' => 'Page admin label')), array('embed', TRUE, array('id' => 'embed', 'title' => 'embed', 'theme' => 'views_view', 'admin' => 'Embed admin label')))));
$default_display = $this->getMock('Drupal\\views\\Plugin\\views\\display\\DefaultDisplay', array('initDisplay'), array(array(), 'default', $display_manager->getDefinition('default')));
$route_provider = $this->getMock('Drupal\\Core\\Routing\\RouteProviderInterface');
$state = $this->getMock('\\Drupal\\Core\\State\\StateInterface');
$menu_storage = $this->getMock('\\Drupal\\Core\\Entity\\EntityStorageInterface');
$page_display = $this->getMock('Drupal\\views\\Plugin\\views\\display\\Page', array('initDisplay', 'getPath'), array(array(), 'default', $display_manager->getDefinition('page'), $route_provider, $state, $menu_storage));
$page_display->expects($this->any())->method('getPath')->will($this->onConsecutiveCalls($this->returnValue('test_page'), $this->returnValue('<object>malformed_path</object>'), $this->returnValue('<script>alert("placeholder_page/%")</script>')));
$embed_display = $this->getMock('Drupal\\views\\Plugin\\views\\display\\Embed', array('initDisplay'), array(array(), 'default', $display_manager->getDefinition('embed')));
$values = array();
$values['status'] = FALSE;
$values['display']['default']['id'] = 'default';
$values['display']['default']['display_title'] = 'Display';
$values['display']['default']['display_plugin'] = 'default';
$values['display']['page_1']['id'] = 'page_1';
$values['display']['page_1']['display_title'] = 'Page 1';
$values['display']['page_1']['display_plugin'] = 'page';
$values['display']['page_1']['display_options']['path'] = 'test_page';
$values['display']['page_2']['id'] = 'page_2';
$values['display']['page_2']['display_title'] = 'Page 2';
$values['display']['page_2']['display_plugin'] = 'page';
$values['display']['page_2']['display_options']['path'] = '<object>malformed_path</object>';
$values['display']['page_3']['id'] = 'page_3';
$values['display']['page_3']['display_title'] = 'Page 3';
$values['display']['page_3']['display_plugin'] = 'page';
$values['display']['page_3']['display_options']['path'] = '<script>alert("placeholder_page/%")</script>';
$values['display']['embed']['id'] = 'embed';
$values['display']['embed']['display_title'] = 'Embedded';
$values['display']['embed']['display_plugin'] = 'embed';
$display_manager->expects($this->any())->method('createInstance')->will($this->returnValueMap(array(array('default', $values['display']['default'], $default_display), array('page', $values['display']['page_1'], $page_display), array('page', $values['display']['page_2'], $page_display), array('page', $values['display']['page_3'], $page_display), array('embed', $values['display']['embed'], $embed_display))));
$container = new ContainerBuilder();
$user = $this->getMock('Drupal\\Core\\Session\\AccountInterface');
$request_stack = new RequestStack();
$request_stack->push(new Request());
$views_data = $this->getMockBuilder('Drupal\\views\\ViewsData')->disableOriginalConstructor()->getMock();
$route_provider = $this->getMock('Drupal\\Core\\Routing\\RouteProviderInterface');
$executable_factory = new ViewExecutableFactory($user, $request_stack, $views_data, $route_provider);
$container->set('views.executable', $executable_factory);
$container->set('plugin.manager.views.display', $display_manager);
\Drupal::setContainer($container);
// Setup a view list builder with a mocked buildOperations method,
// because t() is called on there.
$entity_type = $this->getMock('Drupal\\Core\\Entity\\EntityTypeInterface');
$view_list_builder = new TestViewListBuilder($entity_type, $storage, $display_manager);
$view_list_builder->setStringTranslation($this->getStringTranslationStub());
$view = new View($values, 'view');
$row = $view_list_builder->buildRow($view);
$expected_displays = array('Embed admin label', 'Page admin label', 'Page admin label', 'Page admin label');
$this->assertEquals($expected_displays, $row['data']['view_name']['data']['#displays']);
$display_paths = $row['data']['path']['data']['#items'];
// These values will be escaped by Twig when rendered.
$this->assertEquals('/test_page, /<object>malformed_path</object>, /<script>alert("placeholder_page/%")</script>', implode(', ', $display_paths));
$this->assertFalse(SafeMarkup::isSafe('/<object>malformed_path</object>'), '/<script>alert("/<object>malformed_path</object> is not marked safe.');
$this->assertFalse(SafeMarkup::isSafe('/<script>alert("placeholder_page/%")'), '/<script>alert("/<script>alert("placeholder_page/%") is not marked safe.');
}
示例4: testFormatPlural
/**
* @dataProvider providerTestFormatPlural
*/
public function testFormatPlural($count, $singular, $plural, array $args = array(), array $options = array(), $expected)
{
$translator = $this->getMock('\\Drupal\\Core\\StringTranslation\\Translator\\TranslatorInterface');
$translator->expects($this->once())->method('getStringTranslation')->will($this->returnCallback(function ($langcode, $string) {
return $string;
}));
$this->translationManager->addTranslator($translator);
$result = $this->translationManager->formatPlural($count, $singular, $plural, $args, $options);
$this->assertEquals($expected, $result);
$this->assertTrue(SafeMarkup::isSafe($result));
}
示例5: testRediscover
/**
* Tests the rediscovering.
*/
public function testRediscover()
{
\Drupal::state()->set('menu_link_content_dynamic_route.routes', ['route_name_1' => new Route('/example-path')]);
\Drupal::service('router.builder')->rebuild();
// Set up a custom menu link pointing to a specific path.
$parent = MenuLinkContent::create(['title' => '<script>alert("Welcome to the discovered jungle!")</script>', 'link' => [['uri' => 'internal:/example-path']], 'menu_name' => 'tools']);
$parent->save();
$menu_tree = \Drupal::menuTree()->load('tools', new MenuTreeParameters());
$this->assertEqual(1, count($menu_tree));
/** @var \Drupal\Core\Menu\MenuLinkTreeElement $tree_element */
$tree_element = reset($menu_tree);
$this->assertEqual('route_name_1', $tree_element->link->getRouteName());
// Change the underlying route and trigger the rediscovering.
\Drupal::state()->set('menu_link_content_dynamic_route.routes', ['route_name_2' => new Route('/example-path')]);
\Drupal::service('router.builder')->rebuild();
// Ensure that the new route name / parameters are captured by the tree.
$menu_tree = \Drupal::menuTree()->load('tools', new MenuTreeParameters());
$this->assertEqual(1, count($menu_tree));
/** @var \Drupal\Core\Menu\MenuLinkTreeElement $tree_element */
$tree_element = reset($menu_tree);
$this->assertEqual('route_name_2', $tree_element->link->getRouteName());
$title = $tree_element->link->getTitle();
$this->assertFalse($title instanceof TranslatableMarkup);
$this->assertIdentical('<script>alert("Welcome to the discovered jungle!")</script>', $title);
$this->assertFalse(SafeMarkup::isSafe($title));
// Create a hierarchy.
\Drupal::state()->set('menu_link_content_dynamic_route.routes', ['route_name_1' => new Route('/example-path'), 'route_name_2' => new Route('/example-path/child')]);
$child = MenuLinkContent::create(['title' => 'Child', 'link' => [['uri' => 'entity:/example-path/child']], 'menu_name' => 'tools', 'parent' => 'menu_link_content:' . $parent->uuid()]);
$child->save();
$parent->set('link', [['uri' => 'entity:/example-path']]);
$parent->save();
$menu_tree = \Drupal::menuTree()->load('tools', new MenuTreeParameters());
$this->assertEqual(1, count($menu_tree));
/** @var \Drupal\Core\Menu\MenuLinkTreeElement $tree_element */
$tree_element = reset($menu_tree);
$this->assertTrue($tree_element->hasChildren);
$this->assertEqual(1, count($tree_element->subtree));
// Edit child element link to use 'internal' instead of 'entity'.
$child->set('link', [['uri' => 'internal:/example-path/child']]);
$child->save();
\Drupal::service('plugin.manager.menu.link')->rebuild();
$menu_tree = \Drupal::menuTree()->load('tools', new MenuTreeParameters());
$this->assertEqual(1, count($menu_tree));
/** @var \Drupal\Core\Menu\MenuLinkTreeElement $tree_element */
$tree_element = reset($menu_tree);
$this->assertTrue($tree_element->hasChildren);
$this->assertEqual(1, count($tree_element->subtree));
}
示例6: testCommentPreview
/**
* Tests comment preview.
*/
function testCommentPreview()
{
// As admin user, configure comment settings.
$this->drupalLogin($this->adminUser);
$this->setCommentPreview(DRUPAL_OPTIONAL);
$this->setCommentForm(TRUE);
$this->setCommentSubject(TRUE);
$this->setCommentSettings('default_mode', CommentManagerInterface::COMMENT_MODE_THREADED, 'Comment paging changed.');
$this->drupalLogout();
// Login as web user.
$this->drupalLogin($this->webUser);
// Test escaping of the username on the preview form.
\Drupal::service('module_installer')->install(['user_hooks_test']);
\Drupal::state()->set('user_hooks_test_user_format_name_alter', TRUE);
$edit = array();
$edit['subject[0][value]'] = $this->randomMachineName(8);
$edit['comment_body[0][value]'] = $this->randomMachineName(16);
$this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview'));
$this->assertEscaped('<em>' . $this->webUser->id() . '</em>');
\Drupal::state()->set('user_hooks_test_user_format_name_alter_safe', TRUE);
$this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview'));
$this->assertTrue(SafeMarkup::isSafe($this->webUser->getDisplayName()), 'Username is marked safe');
$this->assertNoEscaped('<em>' . $this->webUser->id() . '</em>');
$this->assertRaw('<em>' . $this->webUser->id() . '</em>');
// Add a user picture.
$image = current($this->drupalGetTestFiles('image'));
$user_edit['files[user_picture_0]'] = drupal_realpath($image->uri);
$this->drupalPostForm('user/' . $this->webUser->id() . '/edit', $user_edit, t('Save'));
// As the web user, fill in the comment form and preview the comment.
$this->drupalPostForm('node/' . $this->node->id(), $edit, t('Preview'));
// Check that the preview is displaying the title and body.
$this->assertTitle(t('Preview comment | Drupal'), 'Page title is "Preview comment".');
$this->assertText($edit['subject[0][value]'], 'Subject displayed.');
$this->assertText($edit['comment_body[0][value]'], 'Comment displayed.');
// Check that the title and body fields are displayed with the correct values.
$this->assertFieldByName('subject[0][value]', $edit['subject[0][value]'], 'Subject field displayed.');
$this->assertFieldByName('comment_body[0][value]', $edit['comment_body[0][value]'], 'Comment field displayed.');
// Check that the user picture is displayed.
$this->assertFieldByXPath("//article[contains(@class, 'preview')]//div[contains(@class, 'user-picture')]//img", NULL, 'User picture displayed.');
}
示例7: testHookLinkAlter
/**
* Tests how hook_link_alter() can affect escaping of the link text.
*/
function testHookLinkAlter()
{
$url = Url::fromUri('http://example.com');
$renderer = \Drupal::service('renderer');
$link = $renderer->executeInRenderContext(new RenderContext(), function () use($url) {
return \Drupal::l(['#markup' => '<em>link with markup</em>'], $url);
});
$this->setRawContent($link);
$this->assertTrue(SafeMarkup::isSafe($link), 'The output of link generation is marked safe as it is a link.');
// Ensure the content of the link is not escaped.
$this->assertRaw('<em>link with markup</em>');
// Test just adding text to an already safe string.
\Drupal::state()->set('link_generation_test_link_alter', TRUE);
$link = $renderer->executeInRenderContext(new RenderContext(), function () use($url) {
return \Drupal::l(['#markup' => '<em>link with markup</em>'], $url);
});
$this->setRawContent($link);
$this->assertTrue(SafeMarkup::isSafe($link), 'The output of link generation is marked safe as it is a link.');
// Ensure the content of the link is escaped.
$this->assertEscaped('<em>link with markup</em> <strong>Test!</strong>');
// Test passing a safe string to t().
\Drupal::state()->set('link_generation_test_link_alter_safe', TRUE);
$link = $renderer->executeInRenderContext(new RenderContext(), function () use($url) {
return \Drupal::l(['#markup' => '<em>link with markup</em>'], $url);
});
$this->setRawContent($link);
$this->assertTrue(SafeMarkup::isSafe($link), 'The output of link generation is marked safe as it is a link.');
// Ensure the content of the link is escaped.
$this->assertRaw('<em>link with markup</em> <strong>Test!</strong>');
// Test passing an unsafe string to t().
$link = $renderer->executeInRenderContext(new RenderContext(), function () use($url) {
return \Drupal::l('<em>link with markup</em>', $url);
});
$this->setRawContent($link);
$this->assertTrue(SafeMarkup::isSafe($link), 'The output of link generation is marked safe as it is a link.');
// Ensure the content of the link is escaped.
$this->assertEscaped('<em>link with markup</em>');
$this->assertRaw('<strong>Test!</strong>');
}
示例8: createAttributeValue
/**
* Creates the different types of attribute values.
*
* @param string $name
* The attribute name.
* @param mixed $value
* The attribute value.
*
* @return \Drupal\Core\Template\AttributeValueBase
* An AttributeValueBase representation of the attribute's value.
*/
protected function createAttributeValue($name, $value)
{
// If the value is already an AttributeValueBase object,
// return a new instance of the same class, but with the new name.
if ($value instanceof AttributeValueBase) {
$class = get_class($value);
return new $class($name, $value->value());
}
// An array value or 'class' attribute name are forced to always be an
// AttributeArray value for consistency.
if ($name == 'class' && !is_array($value)) {
// Cast the value to string in case it implements MarkupInterface.
$value = [(string) $value];
}
if (is_array($value)) {
// Cast the value to an array if the value was passed in as a string.
// @todo Decide to fix all the broken instances of class as a string
// in core or cast them.
$value = new AttributeArray($name, $value);
} elseif (is_bool($value)) {
$value = new AttributeBoolean($name, $value);
} elseif (SafeMarkup::isSafe($value)) {
// Attributes are not supposed to display HTML markup, so we just convert
// the value to plain text.
$value = PlainTextOutput::renderFromHtml($value);
$value = new AttributeString($name, $value);
} elseif (!is_object($value)) {
$value = new AttributeString($name, $value);
}
return $value;
}
示例9: getCacheableRenderArray
/**
* {@inheritdoc}
*/
public function getCacheableRenderArray(array $elements)
{
$data = ['#markup' => $elements['#markup'], '#attached' => $elements['#attached'], '#cache' => ['contexts' => $elements['#cache']['contexts'], 'tags' => $elements['#cache']['tags'], 'max-age' => $elements['#cache']['max-age']]];
// Preserve cacheable items if specified. If we are preserving any cacheable
// children of the element, we assume we are only interested in their
// individual markup and not the parent's one, thus we empty it to minimize
// the cache entry size.
if (!empty($elements['#cache_properties']) && is_array($elements['#cache_properties'])) {
$data['#cache_properties'] = $elements['#cache_properties'];
// Ensure that any safe strings are a Markup object.
foreach (Element::properties(array_flip($elements['#cache_properties'])) as $cache_property) {
if (isset($elements[$cache_property]) && is_scalar($elements[$cache_property]) && SafeMarkup::isSafe($elements[$cache_property])) {
$elements[$cache_property] = Markup::create($elements[$cache_property]);
}
}
// Extract all the cacheable items from the element using cache
// properties.
$cacheable_items = array_intersect_key($elements, array_flip($elements['#cache_properties']));
$cacheable_children = Element::children($cacheable_items);
if ($cacheable_children) {
$data['#markup'] = '';
// Cache only cacheable children's markup.
foreach ($cacheable_children as $key) {
// We can assume that #markup is safe at this point.
$cacheable_items[$key] = ['#markup' => Markup::create($cacheable_items[$key]['#markup'])];
}
}
$data += $cacheable_items;
}
$data['#markup'] = Markup::create($data['#markup']);
return $data;
}
示例10: testFormat
/**
* Tests string formatting with SafeMarkup::format().
*
* @dataProvider providerFormat
* @covers ::format
*
* @param string $string
* The string to run through SafeMarkup::format().
* @param string[] $args
* The arguments to pass into SafeMarkup::format().
* @param string $expected
* The expected result from calling the function.
* @param string $message
* The message to display as output to the test.
* @param bool $expected_is_safe
* Whether the result is expected to be safe for HTML display.
*/
public function testFormat($string, array $args, $expected, $message, $expected_is_safe) {
UrlHelper::setAllowedProtocols(['http', 'https', 'mailto']);
$result = SafeMarkup::format($string, $args);
$this->assertEquals($expected, $result, $message);
$this->assertEquals($expected_is_safe, SafeMarkup::isSafe($result), 'SafeMarkup::format correctly sets the result as safe or not safe.');
foreach ($args as $arg) {
$this->assertSame($arg instanceof SafeMarkupTestMarkup, SafeMarkup::isSafe($arg));
}
}
示例11: preRenderConditionalComments
/**
* Pre-render callback: Renders #browsers into #prefix and #suffix.
*
* @param array $element
* A render array with a '#browsers' property. The '#browsers' property can
* contain any or all of the following keys:
* - 'IE': If FALSE, the element is not rendered by Internet Explorer. If
* TRUE, the element is rendered by Internet Explorer. Can also be a string
* containing an expression for Internet Explorer to evaluate as part of a
* conditional comment. For example, this can be set to 'lt IE 7' for the
* element to be rendered in Internet Explorer 6, but not in Internet
* Explorer 7 or higher. Defaults to TRUE.
* - '!IE': If FALSE, the element is not rendered by browsers other than
* Internet Explorer. If TRUE, the element is rendered by those browsers.
* Defaults to TRUE.
* Examples:
* - To render an element in all browsers, '#browsers' can be left out or set
* to array('IE' => TRUE, '!IE' => TRUE).
* - To render an element in Internet Explorer only, '#browsers' can be set
* to array('!IE' => FALSE).
* - To render an element in Internet Explorer 6 only, '#browsers' can be set
* to array('IE' => 'lt IE 7', '!IE' => FALSE).
* - To render an element in Internet Explorer 8 and higher and in all other
* browsers, '#browsers' can be set to array('IE' => 'gte IE 8').
*
* @return array
* The passed-in element with markup for conditional comments potentially
* added to '#prefix' and '#suffix'.
*/
public static function preRenderConditionalComments($element)
{
$browsers = isset($element['#browsers']) ? $element['#browsers'] : array();
$browsers += array('IE' => TRUE, '!IE' => TRUE);
// If rendering in all browsers, no need for conditional comments.
if ($browsers['IE'] === TRUE && $browsers['!IE']) {
return $element;
}
// Determine the conditional comment expression for Internet Explorer to
// evaluate.
if ($browsers['IE'] === TRUE) {
$expression = 'IE';
} elseif ($browsers['IE'] === FALSE) {
$expression = '!IE';
} else {
// The IE expression might contain some user input data.
$expression = Xss::filterAdmin($browsers['IE']);
}
// If the #prefix and #suffix properties are used, wrap them with
// conditional comment markup. The conditional comment expression is
// evaluated by Internet Explorer only. To control the rendering by other
// browsers, use either the "downlevel-hidden" or "downlevel-revealed"
// technique. See http://en.wikipedia.org/wiki/Conditional_comment
// for details.
// Ensure what we are dealing with is safe.
// This would be done later anyway in drupal_render().
$prefix = isset($element['#prefix']) ? $element['#prefix'] : '';
if ($prefix && !SafeMarkup::isSafe($prefix)) {
$prefix = Xss::filterAdmin($prefix);
}
$suffix = isset($element['#suffix']) ? $element['#suffix'] : '';
if ($suffix && !SafeMarkup::isSafe($suffix)) {
$suffix = Xss::filterAdmin($suffix);
}
// We ensured above that $expression is either a string we created or is
// admin XSS filtered, and that $prefix and $suffix are also admin XSS
// filtered if they are unsafe. Thus, all these strings are safe.
if (!$browsers['!IE']) {
// "downlevel-hidden".
$element['#prefix'] = Markup::create("\n<!--[if {$expression}]>\n" . $prefix);
$element['#suffix'] = Markup::create($suffix . "<![endif]-->\n");
} else {
// "downlevel-revealed".
$element['#prefix'] = Markup::create("\n<!--[if {$expression}]><!-->\n" . $prefix);
$element['#suffix'] = Markup::create($suffix . "<!--<![endif]-->\n");
}
return $element;
}
示例12: xssFilterAdminIfUnsafe
/**
* Applies a very permissive XSS/HTML filter for admin-only use.
*
* Note: This method only filters if $string is not marked safe already. This
* ensures that HTML intended for display is not filtered.
*
* @param string|\Drupal\Core\Render\SafeString $string
* A string.
*
* @return \Drupal\Core\Render\SafeString
* The escaped string wrapped in a SafeString object. If
* SafeMarkup::isSafe($string) returns TRUE, it won't be escaped again.
*/
protected function xssFilterAdminIfUnsafe($string)
{
if (!SafeMarkup::isSafe($string)) {
$string = Xss::filterAdmin($string);
}
return SafeString::create($string);
}
示例13: ensureMarkupIsSafe
/**
* Escapes #plain_text or filters #markup as required.
*
* Drupal uses Twig's auto-escape feature to improve security. This feature
* automatically escapes any HTML that is not known to be safe. Due to this
* the render system needs to ensure that all markup it generates is marked
* safe so that Twig does not do any additional escaping.
*
* By default all #markup is filtered to protect against XSS using the admin
* tag list. Render arrays can alter the list of tags allowed by the filter
* using the #allowed_tags property. This value should be an array of tags
* that Xss::filter() would accept. Render arrays can escape text instead
* of XSS filtering by setting the #plain_text property instead of #markup. If
* #plain_text is used #allowed_tags is ignored.
*
* @param array $elements
* A render array with #markup set.
*
* @return \Drupal\Component\Render\MarkupInterface|string
* The escaped markup wrapped in a Markup object. If
* SafeMarkup::isSafe($elements['#markup']) returns TRUE, it won't be
* escaped or filtered again.
*
* @see \Drupal\Component\Utility\Html::escape()
* @see \Drupal\Component\Utility\Xss::filter()
* @see \Drupal\Component\Utility\Xss::adminFilter()
*/
protected function ensureMarkupIsSafe(array $elements)
{
if (empty($elements['#markup']) && empty($elements['#plain_text'])) {
return $elements;
}
if (!empty($elements['#plain_text'])) {
$elements['#markup'] = Markup::create(Html::escape($elements['#plain_text']));
} elseif (!SafeMarkup::isSafe($elements['#markup'])) {
// The default behaviour is to XSS filter using the admin tag list.
$tags = isset($elements['#allowed_tags']) ? $elements['#allowed_tags'] : Xss::getAdminTagList();
$elements['#markup'] = Markup::create(Xss::filter($elements['#markup'], $tags));
}
return $elements;
}
示例14: replace
/**
* Replaces all tokens in a given string with appropriate values.
*
* @param string $text
* An HTML string containing replaceable tokens. The caller is responsible
* for calling \Drupal\Component\Utility\Html::escape() in case the $text
* was plain text.
* @param array $data
* (optional) An array of keyed objects. For simple replacement scenarios
* 'node', 'user', and others are common keys, with an accompanying node or
* user object being the value. Some token types, like 'site', do not require
* any explicit information from $data and can be replaced even if it is
* empty.
* @param array $options
* (optional) A keyed array of settings and flags to control the token
* replacement process. Supported options are:
* - langcode: A language code to be used when generating locale-sensitive
* tokens.
* - callback: A callback function that will be used to post-process the
* array of token replacements after they are generated.
* - clear: A boolean flag indicating that tokens should be removed from the
* final text if no replacement value can be generated.
* @param \Drupal\Core\Render\BubbleableMetadata $bubbleable_metadata|null
* (optional) An object to which static::generate() and the hooks and
* functions that it invokes will add their required bubbleable metadata.
*
* To ensure that the metadata associated with the token replacements gets
* attached to the same render array that contains the token-replaced text,
* callers of this method are encouraged to pass in a BubbleableMetadata
* object and apply it to the corresponding render array. For example:
* @code
* $bubbleable_metadata = new BubbleableMetadata();
* $build['#markup'] = $token_service->replace('Tokens: [node:nid] [current-user:uid]', ['node' => $node], [], $bubbleable_metadata);
* $bubbleable_metadata->applyTo($build);
* @endcode
*
* When the caller does not pass in a BubbleableMetadata object, this
* method creates a local one, and applies the collected metadata to the
* Renderer's currently active render context.
*
* @return string
* The token result is the entered HTML text with tokens replaced. The
* caller is responsible for choosing the right escaping / sanitization. If
* the result is intended to be used as plain text, using
* PlainTextOutput::renderFromHtml() is recommended. If the result is just
* printed as part of a template relying on Twig autoescaping is possible,
* otherwise for example the result can be put into #markup, in which case
* it would be sanitized by Xss::filterAdmin().
*/
public function replace($text, array $data = array(), array $options = array(), BubbleableMetadata $bubbleable_metadata = NULL)
{
$text_tokens = $this->scan($text);
if (empty($text_tokens)) {
return $text;
}
$bubbleable_metadata_is_passed_in = (bool) $bubbleable_metadata;
$bubbleable_metadata = $bubbleable_metadata ?: new BubbleableMetadata();
$replacements = array();
foreach ($text_tokens as $type => $tokens) {
$replacements += $this->generate($type, $tokens, $data, $options, $bubbleable_metadata);
if (!empty($options['clear'])) {
$replacements += array_fill_keys($tokens, '');
}
}
// Escape the tokens, unless they are explicitly markup.
foreach ($replacements as $token => $value) {
$replacements[$token] = SafeMarkup::isSafe($value) ? $value : Html::escape($value);
}
// Optionally alter the list of replacement values.
if (!empty($options['callback'])) {
$function = $options['callback'];
$function($replacements, $data, $options, $bubbleable_metadata);
}
$tokens = array_keys($replacements);
$values = array_values($replacements);
// If a local $bubbleable_metadata object was created, apply the metadata
// it collected to the renderer's currently active render context.
if (!$bubbleable_metadata_is_passed_in && $this->renderer->hasRenderContext()) {
$build = [];
$bubbleable_metadata->applyTo($build);
$this->renderer->render($build);
}
return str_replace($tokens, $values, $text);
}
示例15: runTasks
/**
* Run database tasks and tests to see if Drupal can run on the database.
*/
public function runTasks()
{
// We need to establish a connection before we can run tests.
if ($this->connect()) {
foreach ($this->tasks as $task) {
if (!isset($task['function'])) {
$task['function'] = 'runTestQuery';
}
if (method_exists($this, $task['function'])) {
// Returning false is fatal. No other tasks can run.
if (FALSE === call_user_func_array(array($this, $task['function']), $task['arguments'])) {
break;
}
} else {
throw new TaskException(t("Failed to run all tasks against the database server. The task %task wasn't found.", array('%task' => $task['function'])));
}
}
}
// Check for failed results and compile message
$message = '';
foreach ($this->results as $result => $success) {
if (!$success) {
$message = SafeMarkup::isSafe($result) ? $result : SafeMarkup::checkPlain($result);
}
}
if (!empty($message)) {
$message = SafeMarkup::set('Resolve all issues below to continue the installation. For help configuring your database server, see the <a href="https://www.drupal.org/getting-started/install">installation handbook</a>, or contact your hosting provider.' . $message);
throw new TaskException($message);
}
}