- elseif ($this->view->getRequest()->getFormat($this->view->element['#content_type']) !== 'html') {
- // This display plugin is primarily for returning non-HTML formats.
- // However, we still invoke the renderer to collect cacheability metadata.
- // Because the renderer is designed for HTML rendering, it filters
- // #markup for XSS unless it is already known to be safe, but that filter
- // only works for HTML. Therefore, we mark the contents as safe to bypass
- // the filter. So long as we are returning this in a non-HTML response
- // (checked above), this is safe, because an XSS attack only works when
- // executed by an HTML agent.
+ else {
+ // This display plugin is for returning non-HTML formats. However, we
+ // still invoke the renderer to collect cacheability metadata. Because the
+ // renderer is designed for HTML rendering, it filters #markup for XSS
+ // unless it is already known to be safe, but that filter only works for
+ // HTML. Therefore, we mark the contents as safe to bypass the filter. So
+ // long as we are returning this in a non-HTML response,
+ // this is safe, because an XSS attack only works when executed by an HTML
+ // agent.
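Review bot: With the `elseif (...->getFormat(...) !== 'html')` guard replaced by a bare `else`, nothing in the visible lines enforces the "non-HTML response" condition that the new comment still relies on to justify bypassing the XSS filter. The old "(checked above)" wording was removed together with the check. If this branch can be reached for a request whose format resolves to `html`, content marked as safe would be delivered to an HTML agent unfiltered. Either keep the format comparison on this branch, or have the comment name where the guarantee is now enforced, for example `// The response format is restricted to non-HTML by <enforcement point>.` (placeholder to fill in). The preceding branch and the body of the `else` lie outside the hunk, so whether an earlier check already covers this case cannot be confirmed from here.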