Make schema description plain text instead of HTML [#412410]

It was discussed in #329998: Remove all unescaped <> chars from t() strings in core (comments #8 and #9) and in #12201: Show table descriptions in PHPMyAdmin and other tools (comments #24 and #25) whether Schema API descriptions of tables and columns should be just plain text.

Currently they are HTML, but when they are used as SQL comments that show up in e.g. phpMyAdmin, they are converted to plain text. I personally think that allowing rich text in schema descriptions is probably a bit too flexible.

Comment	File	Size	Author
#7	schema-html-2.patch	7.34 KB	c960657
	schema-html-1.patch	5.17 KB	c960657

Comments

Comment #1

Crell commented 25 March 2009 at 15:14

Makes sense to me. But what then do we do when trying to display such data in the admin? Do we just say "well, remember to check_plain() it"? It's the sort of text that one would expect to be safe, since it's not coming from an external source but a module developer, so it doesn't trigger my "don't trust it until you filter it" sensors. You wouldn't think to check_plain something in t() yourself, either.

Do we just document it and hope the few people who will actually access this data will read it? Do we provide an API? Something else? I guess I'm OK with documenting it and punting if the committers are, but it's important to ask the question.

Comment #2

dries commented 29 March 2009 at 12:50

I'd just document it. I'm in support of this patch.

Comment #3

Crell commented 30 March 2009 at 15:19

Status:

Needs review

» Needs work

@OP, can you reroll with appropriate documentation, er, somewhere? :-)

Comment #4

c960657 commented 30 March 2009 at 18:53

The description of hook_schema() in modules/system/system.api.php doesn't go into great detail about the schema definition but instead refers http://drupal.org/node/146939. I suggest adding the following to the explanation of table and field descriptions on that page: “The description is treated as non-markup plain text.”