Commit 70f8ac6f authored by webchick's avatar webchick

Issue #2457887 by prateekMehta, stefan.r, rpayanm, alexpott: Use...

Issue #2457887 by prateekMehta, stefan.r, rpayanm, alexpott: Use Utility\SafeMarkup class instead of Utility\String for placeholder(), checkPlain(),format() functions
parent ed6b8823
......@@ -15,9 +15,8 @@
use Drupal\Component\Utility\Crypt;
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\Number;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\SortArray;
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\Tags;
use Drupal\Component\Utility\UrlHelper;
use Drupal\Core\Asset\AttachedAssets;
......@@ -280,10 +279,10 @@ function valid_email_address($mail) {
* \Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() instead.
*
* @see \Drupal\Component\Utility\UrlHelper::stripDangerousProtocols()
* @see \Drupal\Component\Utility\String::checkPlain()
* @see \Drupal\Component\Utility\SafeMarkup::checkPlain()
*/
function check_url($uri) {
return String::checkPlain(UrlHelper::stripDangerousProtocols($uri));
return SafeMarkup::checkPlain(UrlHelper::stripDangerousProtocols($uri));
}
/**
......@@ -325,7 +324,7 @@ function format_xml_elements($array) {
}
if (isset($value['value']) && $value['value'] != '') {
$output .= '>' . (is_array($value['value']) ? format_xml_elements($value['value']) : String::checkPlain($value['value'])) . '</' . $value['key'] . ">\n";
$output .= '>' . (is_array($value['value']) ? format_xml_elements($value['value']) : SafeMarkup::checkPlain($value['value'])) . '</' . $value['key'] . ">\n";
}
else {
$output .= " />\n";
......@@ -333,7 +332,7 @@ function format_xml_elements($array) {
}
}
else {
$output .= ' <' . $key . '>' . (is_array($value) ? format_xml_elements($value) : String::checkPlain($value)) . "</$key>\n";
$output .= ' <' . $key . '>' . (is_array($value) ? format_xml_elements($value) : SafeMarkup::checkPlain($value)) . "</$key>\n";
}
}
// @todo This is marking the output string as safe HTML, but we have only
......@@ -570,7 +569,7 @@ function _drupal_add_html_head_link($attributes, $header = FALSE) {
if ($header) {
// Also add a HTTP header "Link:".
$href = '<' . String::checkPlain($attributes['href']) . '>;';
$href = '<' . SafeMarkup::checkPlain($attributes['href']) . '>;';
unset($attributes['href']);
$element['#attached']['http_header'][] = array('Link', $href . drupal_http_header_attributes($attributes), TRUE);
}
......@@ -1581,7 +1580,7 @@ function _drupal_flush_css_js() {
*/
function debug($data, $label = NULL, $print_r = TRUE) {
// Print $data contents to string.
$string = String::checkPlain($print_r ? print_r($data, TRUE) : var_export($data, TRUE));
$string = SafeMarkup::checkPlain($print_r ? print_r($data, TRUE) : var_export($data, TRUE));
// Display values with pre-formatting to increase readability.
$string = '<pre>' . $string . '</pre>';
......
......@@ -9,7 +9,7 @@
use Drupal\Component\Utility\UrlHelper;
use Drupal\Component\PhpStorage\FileStorage;
use Drupal\Component\Utility\Bytes;
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\File\FileSystem;
use Drupal\Core\StreamWrapper\PublicStream;
use Drupal\Core\StreamWrapper\StreamWrapperInterface;
......@@ -463,7 +463,7 @@ function file_save_htaccess($directory, $private = TRUE, $force_overwrite = FALS
return drupal_chmod($htaccess_path, 0444);
}
else {
$variables = array('%directory' => $directory, '!htaccess' => '<br />' . nl2br(String::checkPlain($htaccess_lines)));
$variables = array('%directory' => $directory, '!htaccess' => '<br />' . nl2br(SafeMarkup::checkPlain($htaccess_lines)));
\Drupal::logger('security')->error("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: <code>!htaccess</code>", $variables);
return FALSE;
}
......
......@@ -7,7 +7,6 @@
use Drupal\Component\Utility\NestedArray;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\UrlHelper;
use Drupal\Component\Utility\Xss;
use Drupal\Core\Database\Database;
......@@ -109,7 +108,7 @@ function form_select_options($element, $choices = NULL) {
$options = '';
foreach ($choices as $key => $choice) {
if (is_array($choice)) {
$options .= '<optgroup label="' . String::checkPlain($key) . '">';
$options .= '<optgroup label="' . SafeMarkup::checkPlain($key) . '">';
$options .= form_select_options($element, $choice);
$options .= '</optgroup>';
}
......@@ -125,7 +124,7 @@ function form_select_options($element, $choices = NULL) {
else {
$selected = '';
}
$options .= '<option value="' . String::checkPlain($key) . '"' . $selected . '>' . String::checkPlain($choice) . '</option>';
$options .= '<option value="' . SafeMarkup::checkPlain($key) . '"' . $selected . '>' . SafeMarkup::checkPlain($choice) . '</option>';
}
}
return SafeMarkup::set($options);
......@@ -364,7 +363,7 @@ function template_preprocess_textarea(&$variables) {
Element\RenderElement::setAttributes($element, array('form-textarea'));
$variables['wrapper_attributes'] = new Attribute();
$variables['attributes'] = new Attribute($element['#attributes']);
$variables['value'] = String::checkPlain($element['#value']);
$variables['value'] = SafeMarkup::checkPlain($element['#value']);
$variables['resizable'] = !empty($element['#resizable']) ? $element['#resizable'] : NULL;
$variables['required'] = !empty($element['#required']) ? $element['#required'] : NULL;
}
......@@ -553,7 +552,7 @@ function template_preprocess_form_element_label(&$variables) {
* Note: if the batch 'title', 'init_message', 'progress_message', or
* 'error_message' could contain any user input, it is the responsibility of
* the code calling batch_set() to sanitize them first with a function like
* \Drupal\Component\Utility\String::checkPlain() or
* \Drupal\Component\Utility\SafeMarkup::checkPlain() or
* \Drupal\Component\Utility\Xss::filter(). Furthermore, if the batch operation
* returns any user input in the 'results' or 'message' keys of $context, it
* must also sanitize them first.
......@@ -580,8 +579,8 @@ function template_preprocess_form_element_label(&$variables) {
*
* $nodes = entity_load_multiple_by_properties('node', array('uid' => $uid, 'type' => $type));
* $node = reset($nodes);
* $context['results'][] = $node->id() . ' : ' . String::checkPlain($node->label());
* $context['message'] = String::checkPlain($node->label());
* $context['results'][] = $node->id() . ' : ' . SafeMarkup::checkPlain($node->label());
* $context['message'] = SafeMarkup::checkPlain($node->label());
* }
*
* // A more advanced example is a multi-step operation that loads all rows,
......@@ -600,10 +599,10 @@ function template_preprocess_form_element_label(&$variables) {
* ->range(0, $limit)
* ->execute();
* foreach ($result as $row) {
* $context['results'][] = $row->id . ' : ' . String::checkPlain($row->title);
* $context['results'][] = $row->id . ' : ' . SafeMarkup::checkPlain($row->title);
* $context['sandbox']['progress']++;
* $context['sandbox']['current_id'] = $row->id;
* $context['message'] = String::checkPlain($row->title);
* $context['message'] = SafeMarkup::checkPlain($row->title);
* }
* if ($context['sandbox']['progress'] != $context['sandbox']['max']) {
* $context['finished'] = $context['sandbox']['progress'] / $context['sandbox']['max'];
......
......@@ -11,7 +11,6 @@
*/
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\String;
use Drupal\Core\Render\Element;
......@@ -38,12 +37,12 @@ function template_preprocess_menu_local_task(&$variables) {
$variables['attributes']['class'] = array('active');
// Add text to indicate active tab for non-visual users.
$active = String::format('<span class="visually-hidden">@label</span>', array('@label' => t('(active tab)')));
$active = SafeMarkup::format('<span class="visually-hidden">@label</span>', array('@label' => t('(active tab)')));
$link_text = t('@local-task-title@active', array('@local-task-title' => $link_text, '@active' => $active));
}
else {
// @todo Remove this once https://www.drupal.org/node/2338081 is fixed.
$link_text = String::checkPlain($link_text);
$link_text = SafeMarkup::checkPlain($link_text);
}
$link['localized_options']['set_active_class'] = TRUE;
......
......@@ -221,7 +221,7 @@ function drupal_install_schema($module) {
* An array of arrays with the following key/value pairs:
* - success: a boolean indicating whether the query succeeded.
* - query: the SQL query(s) executed, passed through
* \Drupal\Component\Utility\String::checkPlain().
* \Drupal\Component\Utility\SafeMarkup::checkPlain().
*/
function drupal_uninstall_schema($module) {
$schema = drupal_get_schema_unprocessed($module);
......
<?php
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Url;
use Drupal\Component\Utility\UrlHelper;
......@@ -60,7 +60,7 @@ function tablesort_header(&$cell_content, array &$cell_attributes, array $header
$ts['sort'] = 'asc';
$image = '';
}
$cell_content = \Drupal::l(String::format('@cell_content@image', array('@cell_content' => $cell_content, '@image' => $image)), new Url('<current>', [], [
$cell_content = \Drupal::l(SafeMarkup::format('@cell_content@image', array('@cell_content' => $cell_content, '@image' => $image)), new Url('<current>', [], [
'attributes' => array('title' => $title),
'query' => array_merge($ts['query'], array(
'sort' => $ts['sort'],
......
......@@ -11,7 +11,6 @@
use Drupal\Component\Serialization\Json;
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\Unicode;
use Drupal\Component\Utility\UrlHelper;
use Drupal\Component\Utility\Xss;
......@@ -574,7 +573,7 @@ function template_preprocess_links(&$variables) {
);
// Convert the attributes array into an Attribute object.
$heading['attributes'] = new Attribute($heading['attributes']);
$heading['text'] = String::checkPlain($heading['text']);
$heading['text'] = SafeMarkup::checkPlain($heading['text']);
}
$variables['links'] = array();
......@@ -1272,7 +1271,7 @@ function template_preprocess_html(&$variables) {
if (!empty($variables['page']['#title'])) {
$head_title = array(
'title' => SafeMarkup::set(trim(strip_tags($variables['page']['#title']))),
'name' => String::checkPlain($site_config->get('name')),
'name' => SafeMarkup::checkPlain($site_config->get('name')),
);
}
// @todo Remove once views is not bypassing the view subscriber anymore.
......@@ -1280,11 +1279,11 @@ function template_preprocess_html(&$variables) {
elseif ($is_front_page) {
$head_title = array(
'title' => t('Home'),
'name' => String::checkPlain($site_config->get('name')),
'name' => SafeMarkup::checkPlain($site_config->get('name')),
);
}
else {
$head_title = array('name' => String::checkPlain($site_config->get('name')));
$head_title = array('name' => SafeMarkup::checkPlain($site_config->get('name')));
if ($site_config->get('slogan')) {
$head_title['slogan'] = strip_tags(Xss::filterAdmin($site_config->get('slogan')));
}
......@@ -1362,7 +1361,7 @@ function template_preprocess_page(&$variables) {
$variables['front_page'] = \Drupal::url('<front>');
$variables['language'] = $language_interface;
$variables['logo'] = theme_get_setting('logo.url');
$variables['site_name'] = (theme_get_setting('features.name') ? String::checkPlain($site_config->get('name')) : '');
$variables['site_name'] = (theme_get_setting('features.name') ? SafeMarkup::checkPlain($site_config->get('name')) : '');
$variables['site_slogan'] = (theme_get_setting('features.slogan') ? Xss::filterAdmin($site_config->get('slogan')) : '');
// An exception might be thrown.
......@@ -1495,7 +1494,7 @@ function template_preprocess_install_page(&$variables) {
// Override the site name that is displayed on the page, since Drupal is
// still in the process of being installed.
$distribution_name = String::checkPlain(drupal_install_profile_distribution_name());
$distribution_name = SafeMarkup::checkPlain(drupal_install_profile_distribution_name());
$variables['site_name'] = $distribution_name;
$variables['head_title_array']['name'] = $distribution_name;
......@@ -1547,7 +1546,7 @@ function template_preprocess_field(&$variables, $hook) {
// Always set the field label - allow themes to decide whether to display it.
// In addition the label should be rendered but hidden to support screen
// readers.
$variables['label'] = String::checkPlain($element['#title']);
$variables['label'] = SafeMarkup::checkPlain($element['#title']);
static $default_attributes;
if (!isset($default_attributes)) {
......
......@@ -9,7 +9,7 @@
*/
use Drupal\Component\Graph\Graph;
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityStorageException;
use Drupal\Core\Utility\Error;
......@@ -189,7 +189,7 @@ function update_do_one($module, $number, $dependency_map, &$context) {
$variables = Error::decodeException($e);
unset($variables['backtrace']);
// The exception message is run through
// \Drupal\Component\Utility\String::checkPlain() by
// \Drupal\Component\Utility\SafeMarkup::checkPlain() by
// \Drupal\Core\Utility\Error::decodeException().
$ret['#abort'] = array('success' => FALSE, 'query' => t('%type: !message in %function (line %line of %file).', $variables));
}
......@@ -218,7 +218,7 @@ function update_do_one($module, $number, $dependency_map, &$context) {
drupal_set_installed_schema_version($module, $number);
}
$context['message'] = 'Updating ' . String::checkPlain($module) . ' module';
$context['message'] = 'Updating ' . SafeMarkup::checkPlain($module) . ' module';
}
/**
......@@ -240,7 +240,7 @@ function update_entity_definitions($module, $number, &$context) {
$variables = Error::decodeException($e);
unset($variables['backtrace']);
// The exception message is run through
// \Drupal\Component\Utility\String::checkPlain() by
// \Drupal\Component\Utility\SafeMarkup::checkPlain() by
// \Drupal\Core\Utility\Error::decodeException().
$ret['#abort'] = array('success' => FALSE, 'query' => t('%type: !message in %function (line %line of %file).', $variables));
$context['results'][$module][$number] = $ret;
......
......@@ -2,7 +2,6 @@
namespace Drupal\Component\Diff\Engine;
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\Unicode;
use Drupal\Component\Utility\SafeMarkup;
......@@ -34,10 +33,10 @@ class HWLDFWordAccumulator {
protected function _flushGroup($new_tag) {
if ($this->group !== '') {
if ($this->tag == 'mark') {
$this->line .= '<span class="diffchange">' . String::checkPlain($this->group) . '</span>';
$this->line .= '<span class="diffchange">' . SafeMarkup::checkPlain($this->group) . '</span>';
}
else {
$this->line .= String::checkPlain($this->group);
$this->line .= SafeMarkup::checkPlain($this->group);
}
}
$this->group = '';
......
......@@ -10,7 +10,7 @@
use Drupal\Component\Gettext\PoReaderInterface;
use Drupal\Component\Gettext\PoStreamInterface;
use Drupal\Component\Gettext\PoHeader;
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\SafeMarkup;
/**
* Implements Gettext PO stream reader.
......@@ -298,7 +298,7 @@ private function readLine() {
}
else {
// A comment following any other context is a syntax error.
$this->_errors[] = String::format('The translation stream %uri contains an error: "msgstr" was expected but not found on line %line.', $log_vars);
$this->_errors[] = SafeMarkup::format('The translation stream %uri contains an error: "msgstr" was expected but not found on line %line.', $log_vars);
return FALSE;
}
return;
......@@ -308,7 +308,7 @@ private function readLine() {
if ($this->_context != 'MSGID') {
// A plural form can only be added to an msgid directly.
$this->_errors[] = String::format('The translation stream %uri contains an error: "msgid_plural" was expected but not found on line %line.', $log_vars);
$this->_errors[] = SafeMarkup::format('The translation stream %uri contains an error: "msgid_plural" was expected but not found on line %line.', $log_vars);
return FALSE;
}
......@@ -319,7 +319,7 @@ private function readLine() {
$quoted = $this->parseQuoted($line);
if ($quoted === FALSE) {
// The plural form must be wrapped in quotes.
$this->_errors[] = String::format('The translation stream %uri contains a syntax error on line %line.', $log_vars);
$this->_errors[] = SafeMarkup::format('The translation stream %uri contains a syntax error on line %line.', $log_vars);
return FALSE;
}
......@@ -346,7 +346,7 @@ private function readLine() {
}
elseif ($this->_context == 'MSGID') {
// We are currently already in the context, meaning we passed an id with no data.
$this->_errors[] = String::format('The translation stream %uri contains an error: "msgid" is unexpected on line %line.', $log_vars);
$this->_errors[] = SafeMarkup::format('The translation stream %uri contains an error: "msgid" is unexpected on line %line.', $log_vars);
return FALSE;
}
......@@ -357,7 +357,7 @@ private function readLine() {
$quoted = $this->parseQuoted($line);
if ($quoted === FALSE) {
// The message id must be wrapped in quotes.
$this->_errors[] = String::format('The translation stream %uri contains an error: invalid format for "msgid" on line %line.', $log_vars, $log_vars);
$this->_errors[] = SafeMarkup::format('The translation stream %uri contains an error: invalid format for "msgid" on line %line.', $log_vars, $log_vars);
return FALSE;
}
......@@ -375,7 +375,7 @@ private function readLine() {
}
elseif (!empty($this->_current_item['msgctxt'])) {
// A context cannot apply to another context.
$this->_errors[] = String::format('The translation stream %uri contains an error: "msgctxt" is unexpected on line %line.', $log_vars);
$this->_errors[] = SafeMarkup::format('The translation stream %uri contains an error: "msgctxt" is unexpected on line %line.', $log_vars);
return FALSE;
}
......@@ -386,7 +386,7 @@ private function readLine() {
$quoted = $this->parseQuoted($line);
if ($quoted === FALSE) {
// The context string must be quoted.
$this->_errors[] = String::format('The translation stream %uri contains an error: invalid format for "msgctxt" on line %line.', $log_vars);
$this->_errors[] = SafeMarkup::format('The translation stream %uri contains an error: invalid format for "msgctxt" on line %line.', $log_vars);
return FALSE;
}
......@@ -404,13 +404,13 @@ private function readLine() {
($this->_context != 'MSGSTR_ARR')) {
// Plural message strings must come after msgid, msgxtxt,
// msgid_plural, or other msgstr[] entries.
$this->_errors[] = String::format('The translation stream %uri contains an error: "msgstr[]" is unexpected on line %line.', $log_vars);
$this->_errors[] = SafeMarkup::format('The translation stream %uri contains an error: "msgstr[]" is unexpected on line %line.', $log_vars);
return FALSE;
}
// Ensure the plurality is terminated.
if (strpos($line, ']') === FALSE) {
$this->_errors[] = String::format('The translation stream %uri contains an error: invalid format for "msgstr[]" on line %line.', $log_vars);
$this->_errors[] = SafeMarkup::format('The translation stream %uri contains an error: invalid format for "msgstr[]" on line %line.', $log_vars);
return FALSE;
}
......@@ -425,7 +425,7 @@ private function readLine() {
$quoted = $this->parseQuoted($line);
if ($quoted === FALSE) {
// The string must be quoted.
$this->_errors[] = String::format('The translation stream %uri contains an error: invalid format for "msgstr[]" on line %line.', $log_vars);
$this->_errors[] = SafeMarkup::format('The translation stream %uri contains an error: invalid format for "msgstr[]" on line %line.', $log_vars);
return FALSE;
}
if (!isset($this->_current_item['msgstr']) || !is_array($this->_current_item['msgstr'])) {
......@@ -442,7 +442,7 @@ private function readLine() {
if (($this->_context != 'MSGID') && ($this->_context != 'MSGCTXT')) {
// Strings are only valid within an id or context scope.
$this->_errors[] = String::format('The translation stream %uri contains an error: "msgstr" is unexpected on line %line.', $log_vars);
$this->_errors[] = SafeMarkup::format('The translation stream %uri contains an error: "msgstr" is unexpected on line %line.', $log_vars);
return FALSE;
}
......@@ -453,7 +453,7 @@ private function readLine() {
$quoted = $this->parseQuoted($line);
if ($quoted === FALSE) {
// The string must be quoted.
$this->_errors[] = String::format('The translation stream %uri contains an error: invalid format for "msgstr" on line %line.', $log_vars);
$this->_errors[] = SafeMarkup::format('The translation stream %uri contains an error: invalid format for "msgstr" on line %line.', $log_vars);
return FALSE;
}
......@@ -468,7 +468,7 @@ private function readLine() {
$quoted = $this->parseQuoted($line);
if ($quoted === FALSE) {
// This string must be quoted.
$this->_errors[] = String::format('The translation stream %uri contains an error: string continuation expected on line %line.', $log_vars);
$this->_errors[] = SafeMarkup::format('The translation stream %uri contains an error: string continuation expected on line %line.', $log_vars);
return FALSE;
}
......@@ -498,7 +498,7 @@ private function readLine() {
}
else {
// No valid context to append to.
$this->_errors[] = String::format('The translation stream %uri contains an error: unexpected string on line %line.', $log_vars);
$this->_errors[] = SafeMarkup::format('The translation stream %uri contains an error: unexpected string on line %line.', $log_vars);
return FALSE;
}
return;
......@@ -511,7 +511,7 @@ private function readLine() {
$this->_current_item = array();
}
elseif ($this->_context != 'COMMENT') {
$this->_errors[] = String::format('The translation stream %uri ended unexpectedly at line %line.', $log_vars);
$this->_errors[] = SafeMarkup::format('The translation stream %uri ended unexpectedly at line %line.', $log_vars);
return FALSE;
}
}
......
......@@ -2,7 +2,7 @@
/**
* @file
* Contains \Drupal\Component\Utility\String.
* Contains \Drupal\Component\Utility\SafeMarkup.
*/
namespace Drupal\Component\Utility;
......@@ -61,7 +61,7 @@ public static function decodeEntities($text) {
* - @variable: Escaped to HTML using
* \Drupal\Component\Utility\SafeMarkup::escape(). Use this as the
* default choice for anything displayed on a page on the site.
* - %variable: Escaped to HTML and formatted using String::placeholder(),
* - %variable: Escaped to HTML and formatted using SafeMarkup::placeholder(),
* which makes the following HTML code:
* @code
* <em class="placeholder">text output here.</em>
......@@ -71,7 +71,7 @@ public static function decodeEntities($text) {
* - Non-HTML usage, such as a plain-text email.
* - Non-direct HTML output, such as a plain-text variable that will be
* printed as an HTML attribute value and therefore formatted with
* String::checkPlain() as part of that.
* SafeMarkup::checkPlain() as part of that.
* - Some other special reason for suppressing sanitization.
*
* @return string
......
......@@ -244,7 +244,7 @@ public static function externalIsLocal($url, $base_url) {
$base_parts = parse_url($base_url);
if (empty($base_parts['host']) || empty($url_parts['host'])) {
throw new \InvalidArgumentException(String::format('A path was passed when a fully qualified domain was expected.'));
throw new \InvalidArgumentException(SafeMarkup::format('A path was passed when a fully qualified domain was expected.'));
}
if (!isset($url_parts['path']) || !isset($base_parts['path'])) {
......@@ -272,7 +272,7 @@ public static function filterBadProtocol($string) {
// Get the plain text representation of the attribute value (i.e. its
// meaning).
$string = String::decodeEntities($string);
return String::checkPlain(static::stripDangerousProtocols($string));
return SafeMarkup::checkPlain(static::stripDangerousProtocols($string));
}
/**
......@@ -303,7 +303,7 @@ public static function setAllowedProtocols(array $protocols = array()) {
* check_url() or Drupal\Component\Utility\Xss::filter(), but those functions
* return an HTML-encoded string, so this function can be called independently
* when the output needs to be a plain-text string for passing to functions
* that will call \Drupal\Component\Utility\String::checkPlain() separately.
* that will call \Drupal\Component\Utility\SafeMarkup::checkPlain() separately.
*
* @param string $uri
* A plain-text URI that might contain dangerous protocols.
......
......@@ -96,7 +96,7 @@ public static function filter($string, $html_tags = array('a', 'em', 'strong', '
*
* Use only for fields where it is impractical to use the
* whole filter system, but where some (mainly inline) mark-up
* is desired (so \Drupal\Component\Utility\String::checkPlain() is
* is desired (so \Drupal\Component\Utility\SafeMarkup::checkPlain() is
* not acceptable).
*
* Allows all tags that can be used inside an HTML body, save
......
......@@ -6,7 +6,7 @@
namespace Drupal\Core\Asset;
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\State\StateInterface;
/**
......@@ -167,7 +167,7 @@ public function render(array $css_assets) {
// control browser-caching. IE7 does not support a media type on
// the @import statement, so we instead specify the media for
// the group on the STYLE tag.
$import[] = '@import url("' . String::checkPlain(file_create_url($next_css_asset['data']) . '?' . $query_string) . '");';
$import[] = '@import url("' . SafeMarkup::checkPlain(file_create_url($next_css_asset['data']) . '?' . $query_string) . '");';
// Move the outer for loop skip the next item, since we
// processed it here.
$i = $j;
......
......@@ -8,7 +8,7 @@
namespace Drupal\Core\Block;