function Html::escape
Same name in other branches
- 8.9.x core/lib/Drupal/Component/Utility/Html.php \Drupal\Component\Utility\Html::escape()
- 10 core/lib/Drupal/Component/Utility/Html.php \Drupal\Component\Utility\Html::escape()
- 11.x core/lib/Drupal/Component/Utility/Html.php \Drupal\Component\Utility\Html::escape()
Escapes text by converting special characters to HTML entities.
This method escapes HTML for sanitization purposes by replacing the following special characters with their HTML entity equivalents:
- & (ampersand) becomes &
- " (double quote) becomes "
- ' (single quote) becomes '
- < (less than) becomes <
- > (greater than) becomes >
Special characters that have already been escaped will be double-escaped (for example, "<" becomes "&lt;"), and invalid UTF-8 encoding will be converted to the Unicode replacement character ("�").
This method is not the opposite of Html::decodeEntities(). For example, this method will not encode "é" to "é", whereas Html::decodeEntities() will convert all HTML entities to UTF-8 bytes, including "é" and "<" to "é" and "<".
When constructing render arrays passing the output of Html::escape() to '#markup' is not recommended. Use the '#plain_text' key instead and the renderer will autoescape the text.
Parameters
string $text: The input text.
Return value
string The text with all HTML special characters converted.
See also
\Drupal\Component\Utility\Html::decodeEntities()
130 calls to Html::escape()
- AggregatorTestBase::getValidOpml in core/
modules/ aggregator/ tests/ src/ Functional/ AggregatorTestBase.php - Creates a valid OPML file from an array of feeds.
- AssertBreadcrumbTrait::assertBreadcrumbParts in core/
modules/ system/ tests/ src/ Functional/ Menu/ AssertBreadcrumbTrait.php - Assert that a trail exists in the internal browser.
- AssertContentTrait::assertEscaped in core/
tests/ Drupal/ KernelTests/ AssertContentTrait.php - Passes if the raw text IS found escaped on the loaded page, fail otherwise.
- AssertContentTrait::assertNoEscaped in core/
tests/ Drupal/ KernelTests/ AssertContentTrait.php - Passes if raw text IS NOT found escaped on loaded page, fail otherwise.
- AssertContentTrait::assertNoRaw in core/
tests/ Drupal/ KernelTests/ AssertContentTrait.php - Passes if the raw text is NOT found on the loaded page, fail otherwise.
File
-
core/
lib/ Drupal/ Component/ Utility/ Html.php, line 427
Class
- Html
- Provides DOMDocument helpers for parsing and serializing HTML strings.
Namespace
Drupal\Component\UtilityCode
public static function escape($text) : string {
if (is_null($text)) {
@trigger_error('Passing NULL to ' . __METHOD__ . ' is deprecated in drupal:9.5.0 and will trigger a PHP error from drupal:11.0.0. Pass a string instead. See https://www.drupal.org/node/3318826', E_USER_DEPRECATED);
return '';
}
return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.