locale_string_is_safe example

      // set statements, because we skip rendering variable output.       HelpTestTwigNodeVisitor::setStateValue('return_chunk', $chunk_num);
      $text = $this->renderHelpTopic($template_text, 'translated_chunk');
      $matches = [];
      $matched = preg_match('|' . HelpTestTwigNodeVisitor::DELIMITER . '(.*)' . HelpTestTwigNodeVisitor::DELIMITER . '|', $text$matches);
      if ($matched) {
        $number_checked++;
        $text = $matches[1];
        $this->assertNotEmpty($text, 'Topic ' . $chunk_str . ' contains text');

        // Verify the chunk is OK.         $this->assertTrue(locale_string_is_safe($text), 'Topic ' . $chunk_str . ' translatable string is locale-safe');
        $this->validateHtml($text$chunk_str);
      }
      $chunk_num++;
    }
    $this->assertTrue($number_checked > 0, 'Tested at least one translated chunk in ' . $id);

    // Validate the HTML in the body with the translated text replaced by a     // dummy string, to verify that HTML syntax is not partly in and partly out     // of the translated text.     $text = $this->renderHelpTopic($template_text, 'replace_translated');
    $this->validateHtml($text$id);

    
// Look up the source string and any existing translation.     $strings = \Drupal::service('locale.storage')->getTranslations([
      'language' => $this->langcode,
      'source' => $source,
      'context' => $context,
    ]);
    $string = reset($strings);

    if (!empty($translation)) {
      // Skip this string unless it passes a check for dangerous code.       if (!locale_string_is_safe($translation)) {
        \Drupal::logger('locale')->error('Import of string "%string" was skipped because of disallowed or malformed HTML.', ['%string' => $translation]);
        $this->report['skips']++;
        return 0;
      }
      elseif ($string) {
        $string->setString($translation);
        if ($string->isNew()) {
          // No translation in this language.           $string->setValues([
            'language' => $this->langcode,
            'customized' => $customized,
          ]);

  protected static $modules = ['locale', 'locale_test'];

  /** * Tests for locale_string_is_safe(). */
  public function testLocaleStringIsSafe() {
    // Check a translatable string without HTML.     $string = 'Hello world!';
    $result = locale_string_is_safe($string);
    $this->assertTrue($result);

    // Check a translatable string which includes trustable HTML.     $string = 'Hello <strong>world</strong>!';
    $result = locale_string_is_safe($string);
    $this->assertTrue($result);

    // Check an untranslatable string which includes untrustable HTML (according     // to the locale_string_is_safe() function definition).     $string = 'Hello <img src="world.png" alt="world" />!';
    $result = locale_string_is_safe($string);
    
$form['pager']['#type'] = 'pager';
    return $form;
  }

  /** * {@inheritdoc} */
  public function validateForm(array &$form, FormStateInterface $form_state) {
    $langcode = $form_state->getValue('langcode');
    foreach ($form_state->getValue('strings') as $lid => $translations) {
      foreach ($translations['translations'] as $key => $value) {
        if (!locale_string_is_safe($value)) {
          $form_state->setErrorByName("strings][$lid][translations][$key", $this->t('The submitted string contains disallowed HTML: %string', ['%string' => $value]));
          $form_state->setErrorByName("translations][$langcode][$key", $this->t('The submitted string contains disallowed HTML: %string', ['%string' => $value]));
          $this->logger('locale')->warning('Attempted submission of a translation string with disallowed HTML: %string', ['%string' => $value]);
        }
      }
    }
  }

  /** * {@inheritdoc} */
  
Home | Imprint | This part of the site doesn't use cookies.