public function InputFormats::evaluate in Security Review 8
Returns the evaluation page of a result.
Usually this is a list of the findings and an explanation.
Parameters
\Drupal\security_review\CheckResult $result: The check result to evaluate.
Return value
array: The render array of the evaluation page.
Overrides Check::evaluate
File
src/Checks/InputFormats.php, line 118
Class
InputFormats: Checks for vulnerabilities related to input formats.
Namespace
Drupal\security_review\Checks
Code
public function evaluate(CheckResult $result) {
  $output = [];

  // Tags finding: link to the text formats overview and list the tags that
  // should be removed from roles accessible by untrusted users.
  if (!empty($result->findings()['tags'])) {
    $paragraphs = [];
    $paragraphs[] = Link::createFromRoute($this->t('Review your text formats.'), 'filter.admin_overview');
    $paragraphs[] = $this->t('It is recommended you remove the following tags from roles accessible by untrusted users.');
    $output[] = [
      '#theme' => 'check_evaluation',
      '#paragraphs' => $paragraphs,
      '#items' => $result->findings()['tags'],
    ];
  }

  // Formats finding: list the formats usable by untrusted roles that do not
  // filter or escape allowed HTML tags.
  if (!empty($result->findings()['formats'])) {
    $paragraphs = [];
    $paragraphs[] = $this->t('The following formats are usable by untrusted roles and do not filter or escape allowed HTML tags.');
    $output[] = [
      '#theme' => 'check_evaluation',
      '#paragraphs' => $paragraphs,
      '#items' => $result->findings()['formats'],
    ];
  }

  // The result is empty when neither finding is present.
  return $output;
}