class LinkitXss in Linkit 8.5

Same name and namespace in other branches
  1. 8.4 src/Utility/LinkitXss.php \Drupal\linkit\Utility\LinkitXss

Extends the default XSS protection to simplify it for Linkit's needs.

Hierarchy

  • class \Drupal\Component\Utility\Xss

3 files declare their use of LinkitXss
EntityMatcher.php in src/Plugin/Linkit/Matcher/EntityMatcher.php
FileMatcher.php in src/Plugin/Linkit/Matcher/FileMatcher.php
TermMatcher.php in src/Plugin/Linkit/Matcher/TermMatcher.php

File

src/Utility/LinkitXss.php, line 10

Namespace

Drupal\linkit\Utility
class LinkitXss extends Xss {

  /**
   * Description filter helper.
   *
   * @param string $string
   *   The string with raw HTML in it. It will be stripped of everything that
   *   can cause an XSS attack.
   *
   * @return string
   *   An XSS safe version of $string, or an empty string if $string is not
   *   valid UTF-8.
   *
   * @see \Drupal\Component\Utility\Xss::filter()
   */
  public static function descriptionFilter($string) {
    return parent::filter($string, [
      'img',
    ] + Xss::getHtmlTagList());
  }

}
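
Added example, not part of Linkit or Drupal: the allowlist passed to parent::filter() above is built with PHP's array union operator on two lists, so its effective contents depend on key collisions, and this stand-alone script prints what that expression yields. The tag list is a constructed copy of what Xss::getHtmlTagList() is assumed to return, and compare_allowlists() is a hypothetical helper.

```php
<?php
// Added example: stand-alone, does not load Drupal.
// Assumption: constructed copy of the default list returned by
// Xss::getHtmlTagList() in Drupal core; check it against your core version.
$default_tags = ['a', 'em', 'strong', 'cite', 'blockquote', 'code',
  'ul', 'ol', 'li', 'dl', 'dt', 'dd'];

/**
 * Compares the allowlist built with "+" against the one built by appending.
 *
 * Hypothetical helper, not part of Linkit or Drupal.
 */
function compare_allowlists(array $extra, array $base): array {
  // Array union keeps the left operand's value for every key both arrays
  // share. Both operands are lists keyed 0..n, so $extra shadows the first
  // count($extra) entries of $base instead of being added to them.
  $union = $extra + $base;
  // Appending by value keeps every tag from both lists.
  $merged = array_values(array_unique(array_merge($extra, $base)));
  return [
    'union' => array_values($union),
    'merged' => $merged,
    'shadowed' => array_values(array_diff($merged, $union)),
  ];
}

$result = compare_allowlists(['img'], $default_tags);
echo 'union:    ', implode(', ', $result['union']), PHP_EOL;
echo 'merged:   ', implode(', ', $result['merged']), PHP_EOL;
echo 'shadowed: ', implode(', ', $result['shadowed']), PHP_EOL;

// A check a module's unit test could make: fail when the expression used to
// build the allowlist drops a tag the caller expects to be allowed.
// Assumption: 'img' and 'a' are the tags the caller expects here.
$expected = ['img', 'a'];
$missing = array_diff($expected, $result['union']);
if ($missing) {
  fwrite(STDERR, 'not in effective allowlist: ' . implode(', ', $missing) . PHP_EOL);
  exit(1);
}
```

Tags listed under "shadowed" are removed by the filter even though they appear in the default list, which matters when reviewing what markup a description can carry.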

Members

Name | Modifiers | Type | Description | Overrides
LinkitXss::descriptionFilter | public static | function | Description filter helper. |
Xss::$adminTags | protected static | property | The list of HTML tags allowed by filterAdmin(). |
Xss::$htmlTags | protected static | property | The default list of HTML tags allowed by filter(). |
Xss::attributes | protected static | function | Processes a string of HTML attributes. |
Xss::filter | public static | function | Filters HTML to prevent cross-site-scripting (XSS) vulnerabilities. |
Xss::filterAdmin | public static | function | Applies a very permissive XSS/HTML filter for admin-only use. |
Xss::getAdminTagList | public static | function | Gets the list of HTML tags allowed by Xss::filterAdmin(). |
Xss::getHtmlTagList | public static | function | Gets the standard list of HTML tags allowed by Xss::filter(). |
Xss::needsRemoval | protected static | function | Whether this element needs to be removed altogether. | 1
Xss::split | protected static | function | Processes an HTML tag. |