class XssEscape in Extensible BBCode 4.0.x

Same name and namespace in other branches:
- 8.3: src/XssEscape.php, \Drupal\xbbcode\XssEscape

Augmented version of Xss that defuses markup instead of removing it.

Hierarchy
- class XssEscape extends Xss

1 file declares its use of XssEscape:
- src/Plugin/Filter/XBBCodeFilter.php

File: src/XssEscape.php, line 11

Namespace: Drupal\xbbcode
<?php

namespace Drupal\xbbcode;

use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\Xss;

/**
 * Augmented version of Xss that defuses markup instead of removing it.
 */
class XssEscape extends Xss {

  /**
   * {@inheritdoc}
   *
   * Runs the parent tag handler first. A tag the parent would have removed
   * (signalled by an empty return value) is returned HTML-escaped instead, so
   * the reader sees the literal markup rather than nothing.
   */
  protected static function split($string, $html_tags, $class) : string {
    // Sanity check: the callback class must be an Xss subclass.
    if (!is_subclass_of($class, Xss::class)) {
      $class = static::class;
    }
    $output = parent::split($string, $html_tags, $class);
    if ($output !== '') {
      // Allowed tag, comment, or a lone '<' / '>' the parent already escaped.
      return $output;
    }
    if (!preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9\\-]+)\\s*([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) {
      // Seriously malformed.
      return Html::escape($string);
    }
    $elem = $matches[2];
    // When in whitelist mode, an element is disallowed when not listed.
    if ($class::needsRemoval($html_tags, $elem)) {
      return Html::escape($string);
    }
    // This should be unreachable.
    return '';
  }

}
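A standalone Python model of the remove-versus-escape difference this override implements, added here as an illustration; it is not code from the xbbcode module or from Drupal core. TAG_RE is the tag pattern shown on the page; CHUNK_RE is my own chunker modelled on the callback pattern core's Xss::filter() uses, and, as a simplification, allowed tags are re-emitted without their attributes (core's Xss::attributes() clean-up is not modelled).

```python
import html
import re

# Chunker that feeds tag-like pieces to the per-tag handler (assumption of this
# model, modelled on Drupal core's Xss::filter() callback pattern): a lone '<',
# an HTML comment, a '<...>' run, or a lone '>'.
CHUNK_RE = re.compile(r'(<(?=[^a-zA-Z!/])|<!--.*?-->|<[^>]*(?:>|$)|>)', re.S)
# The tag-parsing pattern XssEscape::split() re-applies, taken from the page.
TAG_RE = re.compile(r'^<\s*(/\s*)?([a-zA-Z0-9\-]+)\s*([^>]*)>?|(<!--.*?-->)$', re.S)


def split_tag(chunk: str, allowed: frozenset, escape: bool) -> str:
    """Handle one chunk the way Xss::split() (escape=False) or
    XssEscape::split() (escape=True) would.

    Simplification: allowed tags are re-emitted without attributes.
    """
    if not chunk.startswith('<'):
        return '&gt;'                        # a lone '>'
    if len(chunk) == 1:
        return '&lt;'                        # a lone '<'
    # What a rejected chunk becomes: nothing (remove) or literal text (escape).
    defused = html.escape(chunk, quote=False) if escape else ''
    m = TAG_RE.match(chunk)
    if not m:
        return defused                       # seriously malformed
    comment, slash = m.group(4), m.group(1)
    elem = (m.group(2) or '!--').lower()     # comments are keyed as '!--'
    if elem not in allowed:                  # needsRemoval(): unlisted => disallowed
        return defused
    if comment:
        return comment
    return f'</{elem}>' if slash else f'<{elem}>'


def xss_filter(text: str, allowed=('a', 'em', 'strong'), escape=False) -> str:
    """Keep only `allowed` tags; disallowed markup is removed (escape=False,
    like Xss) or HTML-escaped so it renders literally (escape=True, like XssEscape)."""
    allowed_set = frozenset(t.lower() for t in allowed)
    return CHUNK_RE.sub(lambda m: split_tag(m.group(1), allowed_set, escape), text)


if __name__ == '__main__':
    sample = '<strong>hi</strong><script>alert(1)</script> a < b'  # constructed input
    print(xss_filter(sample))               # <strong>hi</strong>alert(1) a &lt; b
    print(xss_filter(sample, escape=True))  # <strong>hi</strong>&lt;script&gt;alert(1)&lt;/script&gt; a &lt; b
```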
Members

Name | Modifiers | Type | Description | Overrides
---|---|---|---|---
Xss::$adminTags | protected static | property | The list of HTML tags allowed by filterAdmin(). |
Xss::$htmlTags | protected static | property | The default list of HTML tags allowed by filter(). |
Xss::attributes | protected static | function | Processes a string of HTML attributes. |
Xss::filter | public static | function | Filters HTML to prevent cross-site-scripting (XSS) vulnerabilities. |
Xss::filterAdmin | public static | function | Applies a very permissive XSS/HTML filter for admin-only use. |
Xss::getAdminTagList | public static | function | Gets the list of HTML tags allowed by Xss::filterAdmin(). |
Xss::getHtmlTagList | public static | function | Gets the standard list of HTML tags allowed by Xss::filter(). |
Xss::needsRemoval | protected static | function | Whether this element needs to be removed altogether. | 1
XssEscape::split | protected static | function | Processes an HTML tag. | Overrides Xss::split