function drupal_attributes

cis7 common.inc drupal_attributes(array $attributes = array())
cle7 common.inc drupal_attributes(array $attributes = array())
elmsmedia7 common.inc drupal_attributes(array $attributes = array())
icor7 common.inc drupal_attributes(array $attributes = array())
meedjum_blog7 common.inc drupal_attributes(array $attributes = array())
mooc7 common.inc drupal_attributes(array $attributes = array())

Converts an associative array to an XML/HTML tag attribute string.

Each array key and its value will be formatted into an attribute string. If a value is itself an array, then its elements are concatenated to a single space-delimited string (for example, a class attribute with multiple values).

Attribute values are sanitized by running them through check_plain(). Attribute names are not automatically sanitized. When using user-supplied attribute names, it is strongly recommended to allow only white-listed names, since certain attributes carry security risks and can be abused.

Examples of security aspects when using drupal_attributes:

  // By running the value in the following statement through check_plain,
  // the malicious script is neutralized.
  drupal_attributes(array('title' => t('<script>steal_cookie();</script>')));

  // The statement below demonstrates dangerous use of drupal_attributes, and
  // will return an onmouseout attribute with JavaScript code that, when used
  // as attribute in a tag, will cause users to be redirected to another site.
  //
  // In this case, the 'onmouseout' attribute should not be whitelisted --
  // you don't want users to have the ability to add this attribute or others
  // that take JavaScript commands.
  drupal_attributes(array('onmouseout' => 'window.location="http://malicious.com/";'));
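
One way to apply the allow-list recommendation above before calling drupal_attributes(), shown as an added example that is not part of Drupal core. The helper name example_allowed_attributes() and the allowed names are hypothetical, and the two stand-in functions exist only so the script also runs outside a Drupal 7 bootstrap.

```php
<?php
// Stand-ins so the example runs outside Drupal 7; inside Drupal the real
// check_plain() and drupal_attributes() are already defined and are used.
if (!function_exists('check_plain')) {
  function check_plain($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
  }
}
if (!function_exists('drupal_attributes')) {
  function drupal_attributes(array $attributes = array()) {
    foreach ($attributes as $attribute => &$data) {
      $data = implode(' ', (array) $data);
      $data = $attribute . '="' . check_plain($data) . '"';
    }
    return $attributes ? ' ' . implode(' ', $attributes) : '';
  }
}

/**
 * Hypothetical helper: keeps only attributes whose names are on the allow-list.
 */
function example_allowed_attributes(array $attributes, array $allowed_names) {
  $allowed = array_flip(array_map('strtolower', $allowed_names));
  $safe = array();
  $rejected = array();
  foreach ($attributes as $name => $value) {
    // Numeric keys and names off the list (any on* handler included) are dropped.
    $key = is_string($name) ? strtolower($name) : NULL;
    if ($key !== NULL && isset($allowed[$key])) {
      $safe[$key] = $value;
    }
    else {
      $rejected[] = $name;
    }
  }
  return array($safe, $rejected);
}

// Constructed sample input, standing in for user-supplied attributes.
$user_attributes = array(
  'title' => '<script>steal_cookie();</script>',
  'class' => array('button', 'primary'),
  'OnMouseOut' => 'window.location="http://malicious.com/";',
);
list($safe, $rejected) = example_allowed_attributes($user_attributes, array('title', 'class', 'id'));
print drupal_attributes($safe) . "\n";
print 'Rejected: ' . implode(', ', $rejected) . "\n";
```

The rejected names are returned rather than silently discarded so the caller can log them.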

Parameters

$attributes: An associative array of key-value pairs to be converted to attributes.

Return value

A string ready for insertion in a tag (starts with a space).

104 calls to drupal_attributes()
adaptivetheme_item_list in sites/all/themes/ulmus/adaptivetheme/at_core/inc/theme.inc
Returns HTML for a list or nested list of items.
adaptivetheme_links in sites/all/themes/ulmus/adaptivetheme/at_core/inc/theme.inc
Returns HTML for a set of links.
adaptivetheme_process_block in sites/all/themes/ulmus/adaptivetheme/at_core/inc/process.inc
Process variables for block.tpl.php
adaptivetheme_process_comment in sites/all/themes/ulmus/adaptivetheme/at_core/inc/process.inc
Process variables for comment.tpl.php
adaptivetheme_process_html in sites/all/themes/ulmus/adaptivetheme/at_core/inc/process.inc
Process variables for html.tpl.php

File

includes/common.inc, line 2377
Common functions that many Drupal modules will need to reference.

Code

function drupal_attributes(array $attributes = array()) {
  foreach ($attributes as $attribute => &$data) {
    $data = implode(' ', (array) $data);
    $data = $attribute . '="' . check_plain($data) . '"';
  }
  return $attributes ? ' ' . implode(' ', $attributes) : '';
}