Backend text sanitisation functions

Submitted by piofernandes on Wed, 09/11/2019 - 08:15

For future reference, because this basic question pops up daily in the life of a Drupal developer (interviews, writing code, peer reviews):


Argument substitution:

  • @variable: placeholder replacement for strings or MarkupInterface objects
  • %variable: placeholder replacement for values that are wrapped in tags
  • :variable: placeholder replacement for values that become an "href" attribute
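As an added example (not code from the post or from Drupal core), this stand-alone PHP emulates what each prefix does to its value, so the difference between the three can be seen without a Drupal bootstrap. Function names and the protocol allow list are this example's own choices, and every value is treated as a plain string, whereas Drupal passes MarkupInterface objects through unescaped.

```php
<?php
const ALLOWED_PROTOCOLS = ['http', 'https', 'mailto', 'tel']; // demo choice
// @variable: plain text; HTML special characters become entities. Here every
// value is a plain string (Drupal would pass MarkupInterface objects through).
function escapeText(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// %variable: escaped like @variable, then wrapped so themes can style it.
function emphasize(string $text): string {
    return '<em class="placeholder">' . escapeText($text) . '</em>';
}

// :variable: destined for href/src, so any scheme not on the allow list
// (javascript:, data:, ...) is stripped before escaping; the loop repeats
// until nothing changes, so stacked schemes do not survive either.
function safeUrl(string $url): string {
    do {
        $before = $url;
        $colon = strpos($url, ':');
        if ($colon > 0) {
            $scheme = substr($url, 0, $colon);
            if (preg_match('![/?#]!', $scheme)) {
                break; // colon after / ? or #: a relative URL, not a scheme
            }
            if (!in_array(strtolower($scheme), ALLOWED_PROTOCOLS, true)) {
                $url = substr($url, $colon + 1);
            }
        }
    } while ($before !== $url);
    return escapeText($url);
}

function formatWithPlaceholders(string $string, array $args): string {
    $replacements = [];
    foreach ($args as $key => $value) {
        switch ($key[0]) {
            case '@': $replacements[$key] = escapeText((string) $value); break;
            case '%': $replacements[$key] = emphasize((string) $value); break;
            case ':': $replacements[$key] = safeUrl((string) $value); break;
            // any other prefix is never substituted raw; the placeholder stays
        }
    }
    return strtr($string, $replacements);
}
// Constructed hostile inputs: each prefix neutralises its value differently.
echo formatWithPlaceholders('<a href=":url">@name</a> changed %title', [
    ':url' => 'javascript:alert(1)', '@name' => '<script>x</script>', '%title' => 'A & "B"',
]), PHP_EOL;
```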


Best practices:


The XSS functions family

Submitted by piofernandes on Mon, 07/29/2019 - 13:49

/**
 * This code does four things:
 * - Removes characters and constructs that can trick browsers.
 * - Makes sure all HTML entities are well-formed.
 * - Makes sure all HTML tags and attributes are well-formed.
 * - Makes sure no HTML tags contain URLs with a disallowed protocol (e.g.
 *   javascript:).
 *
 * @return
 *   An XSS safe version of $string, or an empty string if $string is not
 *   valid UTF-8.
 */
function filter_xss($string, $allowed_tags);

/**
 * Applies a very permissive XSS/HTML filter for admin-only use.
 */
function filter_xss_admin($string);

filter_xss_admin is a ju

How to compile to another filename with Compass, instead of screen.css

Submitted by piofernandes on Wed, 07/24/2019 - 12:12

In Drupal, when it comes to subtheming, if the subtheme uses the same CSS filename as the parent theme's CSS file, the parent's file is ignored. Applying the following to config.rb when using Sass + Compass for development allows output to a different filename, so both stylesheets, from the subtheme and from the parent theme, can be used.



Set up Behat on a new PHP project

Submitted by piofernandes on Thu, 01/31/2019 - 10:31

In order to take advantage of Behaviour Driven Development, I am installing Behat. This allows for test coverage when integrating new features into the project, detecting regression errors automatically before any deployment phase.


First of all, I create the [project_root]/tests folder and inside it I add a "composer.json" file with the following content: