Commit 549337a4 authored by webchick's avatar webchick

Issue #2488304 by genjohnson, lauriii, YesCT, Mariano, Gábor Hojtsy, jhodgdon,...

Issue #2488304 by genjohnson, lauriii, YesCT, Mariano, Gábor Hojtsy, jhodgdon, xjm: Add more docs that translate() also marks strings as safe
parent 337b58aa
......@@ -37,6 +37,10 @@ trait StringTranslationTrait {
* Translates a string to the current language or to a given language.
*
* See the t() documentation for details.
*
* Never call $this->t($user_text) where $user_text is text that a user
* entered; doing so can lead to cross-site scripting and other security
* problems.
*/
protected function t($string, array $args = array(), array $options = array()) {
return $this->getStringTranslation()->translate($string, $args, $options);
......
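Review bot: The new warning on t() says what must not be passed as $string but not why, nor what to do with user-entered text instead; the same gap is in the TranslationInterface::translate() docblock in the next section. Going by the commit title, the returned string is marked safe, so it presumably skips escaping on output, and saying so makes the cross-site scripting risk concrete for the reader. I would add a sentence such as `User-entered text must be passed as a placeholder value in $args (for example '@name'), never as $string, because the translated string is marked safe and is not escaped again on output.` The body of t() continues past the end of this section.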
......@@ -17,6 +17,10 @@ interface TranslationInterface {
/**
* Translates a string to the current language or to a given language.
*
* Never call translate($user_text) where $user_text is text that a user
* entered; doing so can lead to cross-site scripting and other security
* problems.
*
* @param string $string
* A string containing the English string to translate.
* @param array $args
......
......@@ -142,6 +142,9 @@ public function getStringTranslation($langcode, $string, $context) {
public function translate($string, array $args = array(), array $options = array()) {
$string = $this->doTranslate($string, $options);
if (empty($args)) {
// This is assumed to be safe because translate should only be called
// with strings defined in code.
// @see \Drupal\Core\StringTranslation\TranslationInterface::translate()
return SafeMarkup::set($string);
}
else {
......
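Review bot: The added comment in the empty-$args branch calls the string "assumed to be safe" without saying what depends on that assumption, and nothing visible in this branch enforces it. `SafeMarkup::set($string)` is applied to whatever doTranslate() returns, so a caller that passes non-literal text gets it marked safe, which by the commit title means it is treated as safe markup downstream. I would word the comment as `// Marked safe without escaping: $string must be a literal defined in code, never user input, otherwise this is an XSS vector.` and keep the @see line. The else branch and the rest of translate() are outside this section.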