public function AllowedTagsXssTrait::fieldFilterXss in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/lib/Drupal/Core/Field/AllowedTagsXssTrait.php \Drupal\Core\Field\AllowedTagsXssTrait::fieldFilterXss()
Filters an HTML string to prevent XSS vulnerabilities.
Like \Drupal\Component\Utility\Xss::filterAdmin(), but with a shorter list of allowed tags.
Used for items entered by administrators, like field descriptions, allowed values, where some (mainly inline) mark-up may be desired (so \Drupal\Component\Utility\Html::escape() is not acceptable).
Parameters
string $string: The string with raw HTML in it.
Return value
\Drupal\Component\Utility\SafeMarkup An XSS safe version of $string, or an empty string if $string is not valid UTF-8.
File
- core/
lib/ Drupal/ Core/ Field/ AllowedTagsXssTrait.php, line 36 - Contains \Drupal\Core\Field\AllowedTagsXssTrait.
Class
- AllowedTagsXssTrait
- Useful methods when dealing with displaying allowed tags.
Namespace
Drupal\Core\FieldCode
public function fieldFilterXss($string) {
return FieldFilteredMarkup::create($string);
}