public function FilterTestRestrictTagsAndAttributes::getHTMLRestrictions in Drupal 8
Same name and namespace in other branches
- 9 core/modules/filter/tests/filter_test/src/Plugin/Filter/FilterTestRestrictTagsAndAttributes.php \Drupal\filter_test\Plugin\Filter\FilterTestRestrictTagsAndAttributes::getHTMLRestrictions()
Returns HTML allowed by this filter's configuration.
May be implemented by filters of the FilterInterface::TYPE_HTML_RESTRICTOR type, this won't be used for filters of other types; they should just return FALSE.
This callback function is only necessary for filters that strip away HTML tags (and possibly attributes) and allows other modules to gain insight in a generic manner into which HTML tags and attributes are allowed by a format.
Return value
array|false A nested array with *either* of the following keys:
- 'allowed': (optional) the allowed tags as keys, and for each of those
tags (keys) either of the following values:
- TRUE to indicate any attribute is allowed
- FALSE to indicate no attributes are allowed
- an array to convey attribute restrictions: the keys must be
attribute names (which may use a wildcard, e.g. "data-*"), the
possible values are similar to the above:
- TRUE to indicate any attribute value is allowed
- FALSE to indicate the attribute is forbidden
- an array to convey attribute value restrictions: the key must be attribute values (which may use a wildcard, e.g. "xsd:*"), the possible values are TRUE or FALSE: to mark the attribute value as allowed or forbidden, respectively
- 'forbidden_tags': (optional) the forbidden tags
There is one special case: the "wildcard tag", "*": any attribute restrictions on that pseudotag apply to all tags.
If no restrictions apply, then FALSE must be returned.
Here is a concrete example, for a very granular filter:
array(
'allowed' => array(
// Allows any attribute with any value on the <div> tag.
'div' => TRUE,
// Allows no attributes on the <p> tag.
'p' => FALSE,
// Allows the following attributes on the <a> tag:
// - 'href', with any value;
// - 'rel', with the value 'nofollow' value.
'a' => array(
'href' => TRUE,
'rel' => array(
'nofollow' => TRUE,
),
),
// Only allows the 'src' and 'alt' attributes on the <alt> tag,
// with any value.
'img' => array(
'src' => TRUE,
'alt' => TRUE,
),
// Allow RDFa on <span> tags, using only the dc, foaf, xsd and sioc
// vocabularies/namespaces.
'span' => array(
'property' => array(
'dc:*' => TRUE,
'foaf:*' => TRUE,
),
'datatype' => array(
'xsd:*' => TRUE,
),
'rel' => array(
'sioc:*' => TRUE,
),
),
// Forbid the 'style' and 'on*' ('onClick' etc.) attributes on any
// tag.
'*' => array(
'style' => FALSE,
'on*' => FALSE,
),
),
);
A simpler example, for a very coarse filter:
array(
'forbidden_tags' => array(
'iframe',
'script',
),
);
The simplest example possible: a filter that doesn't allow any HTML:
array(
'allowed' => array(),
);
And for a filter that applies no restrictions, i.e. allows any HTML:
FALSE;
Overrides FilterBase::getHTMLRestrictions
See also
\Drupal\filter\Entity\FilterFormatInterface::getHtmlRestrictions()
File
- core/
modules/ filter/ tests/ filter_test/ src/ Plugin/ Filter/ FilterTestRestrictTagsAndAttributes.php, line 34
Class
- FilterTestRestrictTagsAndAttributes
- Provides a test filter to restrict HTML tags and attributes.
Namespace
Drupal\filter_test\Plugin\FilterCode
public function getHTMLRestrictions() {
$restrictions = $this->settings['restrictions'];
// The configuration system stores FALSE as '0' and TRUE as '1'. Fix that.
if (isset($restrictions['allowed'])) {
foreach ($restrictions['allowed'] as $tag => $attrs_or_bool) {
if (!is_array($attrs_or_bool)) {
$restrictions['allowed'][$tag] = (bool) $attrs_or_bool;
}
else {
foreach ($attrs_or_bool as $attr => $attrvals_or_bool) {
if (!is_array($attrvals_or_bool)) {
$restrictions['allowed'][$tag][$attr] = (bool) $attrvals_or_bool;
}
else {
foreach ($attrvals_or_bool as $attrval => $bool) {
$restrictions['allowed'][$tag][$attr][$attrval] = (bool) $bool;
}
}
}
}
}
}
if (isset($restrictions['forbidden_tags'])) {
foreach ($restrictions['forbidden_tags'] as $tag => $bool) {
$restrictions['forbidden_tags'][$tag] = (bool) $bool;
}
}
return $restrictions;
}