protected static function XssEscape::split in Extensible BBCode 4.0.x
Same name and namespace in other branches
- 8.3 src/XssEscape.php \Drupal\xbbcode\XssEscape::split()
Processes an HTML tag.
Parameters
string $string: The HTML tag to process.
array $html_tags: An array where the keys are the allowed tags and the values are not used.
string $class: The called class. This method is called from an anonymous function which breaks late static binding. See https://bugs.php.net/bug.php?id=66622 for more information.
Return value
string If the element isn't allowed, an empty string. Otherwise, the cleaned up version of the HTML element.
Overrides Xss::split
File
- src/
XssEscape.php, line 16
Class
- XssEscape
- Augmented version of Xss that defuses markup instead of removing it.
Namespace
Drupal\xbbcodeCode
protected static function split($string, $html_tags, $class) : string {
// Sanity check.
if (!is_subclass_of($class, Xss::class)) {
$class = static::class;
}
$output = parent::split($string, $html_tags, $class);
if ($output !== '') {
return $output;
}
if (!preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9\\-]+)\\s*([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) {
// Seriously malformed.
return Html::escape($string);
}
$elem = $matches[2];
// When in whitelist mode, an element is disallowed when not listed.
if ($class::needsRemoval($html_tags, $elem)) {
return Html::escape($string);
}
// This should be unreachable.
return '';
}