function js_callback_filter_xss in JS Callback Handler 7.2
Filters callback results against XSS vulnerabilities.
Parameters
mixed $result: The result to process.
Return value
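array The filtered result. Note: as the code below shows, the return value has the same type as the input. A string comes back as a filtered string, an array comes back with its string values filtered recursively, and any other value (for example an object) is returned unchanged and unfiltered.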
1 call to js_callback_filter_xss()
- js_callback_execute in includes/callback.inc - Execute a callback.
File
- includes/callback.inc, line 359 - callback.inc
Code
/**
 * Filters callback results against XSS vulnerabilities.
 *
 * Strings are passed through filter_xss() with a fixed allow-list of HTML
 * tags; arrays are walked recursively and each string value is filtered the
 * same way. The allow-list is built on the first call and handed to
 * drupal_alter('js_callback_filter_xss', ...) so other modules can change it;
 * because it is kept in a static variable, that alter step runs only while
 * the list is unset.
 *
 * Security notes for reviewers:
 * - Only values are filtered. Array keys are returned exactly as received.
 * - Values that are neither strings nor arrays (objects, numbers, booleans,
 *   NULL) are returned untouched, so strings held inside an object are NOT
 *   filtered by this function.
 * - NOTE(review): filter_xss() is designed for markup placed in HTML element
 *   content. If a callback result ends up in an attribute value, a URL or a
 *   script context on the client, it needs escaping for that context as
 *   well - confirm how consumers render these results.
 * - Any module implementing the alter hook can widen the allow-list; treat
 *   such implementations as security-sensitive.
 *
 * @param mixed $result
 *   The result to process.
 *
 * @return mixed
 *   The result with its string values filtered. The type matches the input:
 *   a string for string input, an array for array input, otherwise the
 *   original value unchanged.
 */
function js_callback_filter_xss($result) {
  static $allowed_tags;

  // Build the allow-list lazily, then let other modules alter it.
  if (!isset($allowed_tags)) {
    $allowed_tags = array(
      'a', 'abbr', 'acronym', 'address', 'article', 'aside',
      'b', 'bdi', 'bdo', 'big', 'blockquote', 'br',
      'caption', 'cite', 'code', 'col', 'colgroup', 'command',
      'dd', 'del', 'details', 'dfn', 'div', 'dl', 'dt',
      'em',
      'figcaption', 'figure', 'footer',
      'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'header', 'hgroup', 'hr',
      'i', 'img', 'ins',
      'kbd',
      'li',
      'mark', 'menu', 'meter',
      'nav',
      'ol', 'output',
      'p', 'pre', 'progress',
      'q',
      'rp', 'rt', 'ruby',
      's', 'samp', 'section', 'small', 'span', 'strong', 'sub', 'summary',
      'sup',
      'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'time', 'tr', 'tt',
      'u', 'ul',
      'var',
      'wbr',
    );
    drupal_alter('js_callback_filter_xss', $allowed_tags);
  }

  // A plain string is filtered directly.
  if (is_string($result)) {
    return filter_xss($result, $allowed_tags);
  }

  // Anything that is not an array is handed back as-is (and unfiltered).
  if (!is_array($result)) {
    return $result;
  }

  foreach ($result as $name => $item) {
    if (is_array($item)) {
      // Descend into nested arrays.
      $result[$name] = js_callback_filter_xss($item);
      continue;
    }
    if (is_string($item)) {
      $result[$name] = filter_xss($item, $allowed_tags);
    }
    // Other value types are left in place without filtering.
  }

  return $result;
}