projects / yaffs-website / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Updated Drupal to 8.6. This goes with the following updates because it's possible...
[yaffs-website] / web / core / lib / Drupal / Core / Render / theme.api.php
diff --git a/web/core/lib/Drupal/Core/Render/theme.api.php b/web/core/lib/Drupal/Core/Render/theme.api.php
index 754641cce75607868bbd686ed6bf1da7ec7d41f5..2bb2eb9aa8fd9615335c14d037d4c01461321a2c 100644 (file)
--- a/web/core/lib/Drupal/Core/Render/theme.api.php
+++ b/web/core/lib/Drupal/Core/Render/theme.api.php
@@ -765,6 +765,12 @@ function hook_extension() {
 /**
  * Render a template using the theme engine.
  *
+ * It is the theme engine's responsibility to escape variables. The only
+ * exception is if a variable implements
+ * \Drupal\Component\Render\MarkupInterface. Drupal is inherently unsafe if
+ * other variables are not escaped. The helper function
+ * theme_render_and_autoescape() may be used for this.
+ *
  * @param string $template_file
  *   The path (relative to the Drupal root directory) to the template to be
  *   rendered including its extension in the format 'path/to/TEMPLATE_NAME.EXT'.
Unnamed repository; edit this file 'description' to name the repository.