MarkupInterface

Marks an object's __toString() method as returning markup.

Objects that implement this interface will not be automatically XSS filtered by the render system or automatically escaped by the theme engine.

If there is any risk of the object's __toString() method returning user-entered data that has not been filtered first, it must not be used. If the object that implements this does not perform automatic escaping or filtering itself, then it must be marked as "@internal". For example, Views has the internal ViewsRenderPipelineMarkup object to provide a custom render pipeline in order to render JSON and to fast render fields. By contrast, FormattableMarkup and TranslatableMarkup always sanitize their output when used correctly.

If the object is going to be used directly in Twig templates it should implement \Countable so it can be used in if statements.

Hierarchy

  • interface \Drupal\Component\Render\MarkupInterface extends \JsonSerializable

See also

\Drupal\Component\Render\MarkupTrait

\Drupal\Core\Template\TwigExtension::escapeFilter()

\Drupal\Component\Render\FormattableMarkup

\Drupal\Core\StringTranslation\TranslatableMarkup

\Drupal\views\Render\ViewsRenderPipelineMarkup

twig_render_template()

Sanitization functions

Render API overview

File

core/lib/Drupal/Component/Render/MarkupInterface.php, line 32

Namespace

Drupal\Component\Render

Members

Name Modifiers Type Description
MarkupInterface::__toString public function Returns markup.
doc_Drupal
2016-10-29 09:25:36
Comments
Leave a Comment

Please login to continue.