Verified Commit 658f18f9 authored by Dave Long's avatar Dave Long
Browse files

Issue #3215627 by guilhermevp, varshith, rahulkhandelwal1990, ilgnerfagundes,... 

Issue #3215627 by guilhermevp, varshith, rahulkhandelwal1990, ilgnerfagundes, ankithashetty, pragati_kanade, quietone, thiagorw, cilefen, mrclay, larowlan: HtmlTag doc should be clear about escaping of #value

(cherry picked from commit 11996c7a)
parent 7d320cb4

core/lib/Drupal/Core/Render/Element/HtmlTag.php

+4 −2
Original line number Diff line number Diff line
@@ -16,8 +16,8 @@ 
 * - #tag: The tag name to output.

 * - #attributes: (array, optional) HTML attributes to apply to the tag. The

 *   attributes are escaped, see \Drupal\Core\Template\Attribute.

 * - #value: (string, optional) A string containing the textual contents of

 *   the tag.

 * - #value: (string|MarkupInterface, optional) The textual contents of the tag.

 *   Strings will be XSS admin filtered.

 * - #noscript: (bool, optional) When set to TRUE, the markup

 *   (including any prefix or suffix) will be wrapped in a <noscript> element.

 *
@@ -29,6 +29,8 @@ 
 *   '#value' => $this->t('Hello World'),

 * ];

 * @endcode

 *

 * @see \Drupal\Component\Utility\Xss::filterAdmin().

 */

#[RenderElement('html_tag')]

class HtmlTag extends RenderElementBase {