class HtmlTitleFilter in HTML Title 8
Drupal\html_title\HtmlTitleFilter.
Hierarchy
- class \Drupal\html_title\HtmlTitleFilter
Expanded class hierarchy of HtmlTitleFilter
3 files declare their use of HtmlTitleFilter
- HtmlTitleFilterTest.php in tests/
src/ Unit/ HtmlTitleFilterTest.php - HtmlTitleFormatter.php in src/
Plugin/ Field/ FieldFormatter/ HtmlTitleFormatter.php - NodeHtmlTitle.php in src/
Plugin/ views/ field/ NodeHtmlTitle.php
1 string reference to 'HtmlTitleFilter'
1 service uses HtmlTitleFilter
File
- src/
HtmlTitleFilter.php, line 14
Namespace
Drupal\html_titleView source
class HtmlTitleFilter {
/**
* The config factory.
*
* @var \Drupal\Core\Config\ConfigFactoryInterface
*/
protected $configFactory;
/**
* The renderer.
*
* @var \Drupal\Core\Render\RendererInterface
*/
protected $renderer;
/**
* HtmlTitleFilter constructor.
*
* @param \Drupal\Core\Config\ConfigFactoryInterface $configFactory
* The config factory.
* @param \Drupal\Core\Render\RendererInterface $renderer
* The renderer.
*/
public function __construct(ConfigFactoryInterface $configFactory, RendererInterface $renderer) {
$this->configFactory = $configFactory;
$this->renderer = $renderer;
}
/**
* Helper function to help filter out unwanted XSS opportunities.
*
* Use this function if you expect to have junk or incomplete html. It uses
* the same strategy as the "Fix Html" filter option in configuring the HTML
* filter in the text format configuration.
*/
protected function filterXss($title) {
$dom = new \DOMDocument();
// Ignore warnings during HTML soup loading.
@$dom
->loadHTML('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /></head><body>' . $title . '</body></html>', LIBXML_NOENT);
$xp = new \DOMXPath($dom);
$q = "//body//text()";
$nodes = $xp
->query($q);
foreach ($nodes as $n) {
$n->nodeValue = htmlspecialchars($n->nodeValue, ENT_QUOTES);
}
$body = $dom
->saveHTML($dom
->getElementsByTagName('body')
->item(0));
// $dom->saveHTML() escapes & as & for all entities that were replaced
// using htmlspecialchars(). Undo this double-escaping.
$body = str_replace('&', '&', $body);
return Xss::filter($body, $this
->getAllowHtmlTags());
}
/**
* Filte string with allow html tags.
*/
public function decodeToText($str) {
if (is_array($str)) {
$str = $this->renderer
->renderPlain($str);
}
return trim($this
->filterXss(Html::decodeEntities((string) $str)));
}
/**
* Filte string with allow html tags.
*/
public function decodeToMarkup($str) {
return Markup::create($this
->decodeToText($str));
}
/**
* Get allow html tags array.
*/
public function getAllowHtmlTags() {
$tags = [];
$html = str_replace('>', ' />', $this->configFactory
->get('html_title.settings')
->get('allow_html_tags'));
$body_child_nodes = Html::load($html)
->getElementsByTagName('body')
->item(0)->childNodes;
foreach ($body_child_nodes as $node) {
if ($node->nodeType === XML_ELEMENT_NODE) {
$tags[] = $node->tagName;
}
}
return $tags;
}
}Members
Name |
Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
|
HtmlTitleFilter:: |
protected | property | The config factory. | |
|
HtmlTitleFilter:: |
protected | property | The renderer. | |
|
HtmlTitleFilter:: |
public | function | Filte string with allow html tags. | |
|
HtmlTitleFilter:: |
public | function | Filte string with allow html tags. | |
|
HtmlTitleFilter:: |
protected | function | Helper function to help filter out unwanted XSS opportunities. | |
|
HtmlTitleFilter:: |
public | function | Get allow html tags array. | |
|
HtmlTitleFilter:: |
public | function | HtmlTitleFilter constructor. |