<?php

/**
 * @file
 * Contains \Drupal\Component\Render\MarkupInterface.
 */

namespace Drupal\Component\Render;

/**
 * Marks an object's __toString() method as returning markup.
 *
 * Objects that implement this interface will not be automatically XSS filtered
 * by the render system or automatically escaped by the theme engine.
 *
 * If there is any risk of the object's __toString() method returning
 * user-entered data that has not been filtered first, this interface must not
 * be used, because the returned string is output without automatic filtering
 * or escaping. If the object that implements this interface does not perform
 * automatic escaping or filtering itself, then it must be marked as
 * "@internal". For example, Views has the internal ViewsRenderPipelineMarkup
 * object to provide a custom render pipeline in order to render JSON and to
 * fast render fields. By contrast, FormattableMarkup and TranslatableMarkup
 * always sanitize their output when used correctly.
 *
 * If the object is going to be used directly in Twig templates it should
 * implement \Countable so it can be used in if statements.
 *
 * @see \Drupal\Component\Render\MarkupTrait
 * @see \Drupal\Component\Utility\SafeMarkup::isSafe()
 * @see \Drupal\Core\Template\TwigExtension::escapeFilter()
 * @see \Drupal\Component\Render\FormattableMarkup
 * @see \Drupal\Core\StringTranslation\TranslatableMarkup
 * @see \Drupal\views\Render\ViewsRenderPipelineMarkup
 * @see twig_render_template()
 * @see sanitization
 * @see theme_render
 */
interface MarkupInterface extends \JsonSerializable {

  /**
   * Returns markup.
   *
   * Per the interface documentation, the render system does not automatically
   * XSS filter this string and the theme engine does not automatically escape
   * it. The implementation is therefore the only place where user-entered data
   * can be filtered or escaped before it is output.
   *
   * @return string
   *   The markup.
   */
  public function __toString();

}