I am looking at porting Message to Drupal 8. It uses token to generate the message arguments which are HTML escaped. This is the current code.
foreach ($matches[1] as $delta => $token) { $output = Drupal::token()->replace('[' . $token . ']', array('message' => $this), $token_options); if ($output != '[' . $token . ']') { // Token was replaced and token sanitizes. $argument = $matches[0][$delta]; $tokens[$argument] = FilteredMarkup::create($output); } } $this->setArguments(array_merge($tokens, $arguments));
The message gets loaded and the message text API returns new FormattableMarkup($output, $this->getArguments);
for the message text.
The test is the following.
$token_messages = array( 'some text @{message:author} ' . $random_text, 'some text %{message:author} ' . $random_text, 'some text @{wrong:token} ' . $random_text, ); $replaced_messages = array( 'some text ' . Html::escape($this->user->label()) . ' ' . $random_text, 'some text <em class="placeholder">' . Html::escape($this->user->label()) . '</em> ' . $random_text, 'some text @{wrong:token} ' . $random_text, );
I get a double escaping fail if I do not use FilteredMarkup
on save because Token::render()
uses the following code.
$replacements[$token] = $value instanceof MarkupInterface ? $value : new HtmlEscapedText($value);
$value
is a token replacement, which is probably already escaped. FilteredMarkup
is marked @internal
.
How could I achieve this?