You are here

public function AllowedTagsXssTrait::fieldFilterXss in Drupal 8

Filters an HTML string to prevent XSS vulnerabilities.

Like \Drupal\Component\Utility\Xss::filterAdmin(), but with a shorter list of allowed tags.

Used for items entered by administrators, like field descriptions, allowed values, where some (mainly inline) mark-up may be desired (so \Drupal\Component\Utility\Html::escape() is not acceptable).

Parameters

string $string: The string with raw HTML in it.

Return value

\Drupal\Core\Field\FieldFilteredMarkup An XSS safe version of $string, or an empty string if $string is not valid UTF-8.

File

core/lib/Drupal/Core/Field/AllowedTagsXssTrait.php, line 32

Class

AllowedTagsXssTrait
Useful methods when dealing with displaying allowed tags.

Namespace

Drupal\Core\Field

Code

public function fieldFilterXss($string) {
  @trigger_error(__METHOD__ . ' is deprecated in drupal:8.0.0 and is removed in drupal:9.0.0. Use \\Drupal\\Core\\Field\\FieldFilteredMarkup::create() instead.', E_USER_DEPRECATED);
  return FieldFilteredMarkup::create($string);
}