JP jpmcneal

## menu--main.html.twig
{#
/**
 * @file
 * Theme override to display a menu.
 *
 * Available variables:
 * - menu_name: The machine name of the menu.
 * - items: A nested list of menu items. Each menu item contains:
 *   - attributes: HTML attributes for the menu item.
 *   - below: The menu item child items.

## security.md

      
              1 file
            
          
              2 forks
            
          
              0 comments
            
          
              4 stars
            
          
                joelpittet
                / security.md
            
            
              Last active
              December 17, 2015 08:35
            
              
                Drupal 8 Theming - Security
              
          
    Security:

Best practices for secure Drupal 8 theming

History

Prior to Drupal 8, we relied on manual escaping variables by our developers and themers. Every variable was either run through check_plain(), filter_xss() or another filter function manually or it was assumed to be safe. You can see where this assumption can easily be overlooked/forgotten and we end up with a security vulnerability usually in the form of an XSS attack.
One of the major decisions for choosing Twig in Drupal 8 was due to its autoescape security feature which all variables can be escaped automatically while they are printed. This alleviates a bunch of concerns and burden on the Security Team as well as protect Drupal Sites by default. This is equivalent to Drupal 7 writing <?php print check_plain($variable); ?> on each variable printed.

  
## gist:5966561
# Scape a site w/ a few retries
wget -m -r --tries=5 "http://foo.bar"

# Scape a site w/o images
wget -m -r --tries=5 -R jpg,jpeg,png,gif,bmp "http://foo.bar"
	# Scape a site w/ a few retries
	wget -m -r --tries=5 "http://foo.bar"

	# Scape a site w/o images
	wget -m -r --tries=5 -R jpg,jpeg,png,gif,bmp "http://foo.bar"