function stringoverrides_advanced_string_is_safe in String Overrides Advanced 7

Check that a string is safe to be added or imported as a translation.

This test can be used to detect possibly bad translation strings. It should not have any false positives. But it is only a test, not a transformation, as it destroys valid HTML. We cannot reliably filter translation strings on import because some strings are irreversibly corrupted. For example, a & in the translation would get encoded to & by filter_xss() before being put in the database, and thus would be displayed incorrectly.

The allowed tag list is like filter_xss_admin(), but omitting div and img as not needed for translation and likely to cause layout issues (div) or a possible attack vector (img).

1 call to stringoverrides_advanced_string_is_safe()

stringoverrides_advanced_translate_edit_form_validate in ./stringoverrides_advanced.admin.inc

Validate string editing form submissions.

File

./stringoverrides_advanced.module, line 67

Code

function stringoverrides_advanced_string_is_safe($string) {
  return decode_entities($string) == decode_entities(filter_xss($string, array(
    'a',
    'abbr',
    'acronym',
    'address',
    'b',
    'bdo',
    'big',
    'blockquote',
    'br',
    'caption',
    'cite',
    'code',
    'col',
    'colgroup',
    'dd',
    'del',
    'dfn',
    'dl',
    'dt',
    'em',
    'h1',
    'h2',
    'h3',
    'h4',
    'h5',
    'h6',
    'hr',
    'i',
    'ins',
    'kbd',
    'li',
    'ol',
    'p',
    'pre',
    'q',
    'samp',
    'small',
    'span',
    'strong',
    'sub',
    'sup',
    'table',
    'tbody',
    'td',
    'tfoot',
    'th',
    'thead',
    'tr',
    'tt',
    'ul',
    'var',
  )));
}