5.7. Summary

Drupal provides a variety of sanitizing functions to make the developer's job easier. Many of these filtering functions are integrated by default into the many APIs that developers use to get the necessary functionality for a module, such as querying the database, translating content to other languages, and creating links to different parts of the site. However, when necessary, developers may use specific text-sanitizing functions to filter user-supplied data.

To filter data, you should use a combination of check_plain, check_markup, and filter_xss_admin, depending on the type of data that you are filtering. Most of the time when you use the Drupal API, data is filtered automatically. However, there are a few situations where you need to actively filter data—like check boxes and radio buttons in the Form API, drupal_set_message, and drupal_set_title for 6.x. These apparent inconsistencies in the API are being addressed, though in some cases the API deliberately accepts unfiltered data because that makes sense in that particular situation.
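As an added illustration (not code from the book), here is a hypothetical Drupal 6 module that shows the three cases the summary names side by side: where the API filters for you, where it does not, and where the Form API leaves option labels untouched. The function names, the `example_help` variable and every `$user_*` value are assumptions.

```php
<?php
/**
 * Hypothetical Drupal 6 module (added example, not from the book).
 * Every $user_* argument is assumed to be raw, unfiltered user input.
 */

// Case 1: the API filters for you. t() escapes @ and % placeholders and
// l() escapes its link text, so no extra sanitizing call is needed here.
function example_safe_link($user_name, $uid) {
  return l(t('Profile of @name', array('@name' => $user_name)), 'user/' . $uid);
}

// Case 2: the API does NOT filter. In Drupal 6, drupal_set_title() and
// drupal_set_message() output their argument verbatim, so the caller
// must escape or filter it.
function example_page($user_title, $user_body, $format) {
  drupal_set_title(check_plain($user_title));
  // @name is escaped by t(); a !name placeholder would pass raw HTML through.
  drupal_set_message(t('Saved "@name".', array('@name' => $user_title)));
  // Body text that may legitimately contain HTML goes through the input
  // format system, so permitted tags survive and everything else is removed.
  return check_markup($user_body, $format);
}

// Case 3: the Form API does not escape the labels of checkboxes/radios.
function example_form(&$form_state, $user_terms) {
  $options = array();
  foreach ($user_terms as $tid => $term_name) {
    // Term names are user-supplied: escape each label before it is rendered.
    $options[$tid] = check_plain($term_name);
  }
  $form['terms'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Tags'),
    '#options' => $options,
    // Administrator-entered help text may contain some HTML, so use
    // filter_xss_admin(): it keeps a generous tag whitelist but strips
    // scripts and event-handler attributes.
    '#description' => filter_xss_admin(variable_get('example_help', '')),
  );
  $form['submit'] = array('#type' => 'submit', '#value' => t('Save'));
  return $form;
}
```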
