trait AllowedTagsXssTrait in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/lib/Drupal/Core/Field/AllowedTagsXssTrait.php \Drupal\Core\Field\AllowedTagsXssTrait
Useful methods when dealing with displaying allowed tags.
Hierarchy
- trait \Drupal\Core\Field\AllowedTagsXssTrait
Deprecated
in Drupal 8.0.x, will be removed before Drupal 9.0.0. Use \Drupal\Core\Field\FieldFilteredMarkup instead.
See also
\Drupal\Core\Field\FieldFilteredMarkup
7 files declare their use of AllowedTagsXssTrait
- FieldConfigEditForm.php in core/
modules/ field_ui/ src/ Form/ FieldConfigEditForm.php - Contains \Drupal\field_ui\Form\FieldConfigEditForm.
- ListItemBase.php in core/
modules/ options/ src/ Plugin/ Field/ FieldType/ ListItemBase.php - Contains \Drupal\options\Plugin\Field\FieldType\ListItemBase.
- NumberListField.php in core/
modules/ options/ src/ Plugin/ views/ argument/ NumberListField.php - Contains \Drupal\options\Plugin\views\argument\NumberListField.
- NumericFormatterBase.php in core/
lib/ Drupal/ Core/ Field/ Plugin/ Field/ FieldFormatter/ NumericFormatterBase.php - Contains \Drupal\Core\Field\Plugin\Field\FieldFormatter\NumericFormatterBase.
- OptionsDefaultFormatter.php in core/
modules/ options/ src/ Plugin/ Field/ FieldFormatter/ OptionsDefaultFormatter.php - Contains \Drupal\options\Plugin\Field\FieldFormatter\OptionsDefaultFormatter.
File
- core/
lib/ Drupal/ Core/ Field/ AllowedTagsXssTrait.php, line 17 - Contains \Drupal\Core\Field\AllowedTagsXssTrait.
Namespace
Drupal\Core\FieldView source
trait AllowedTagsXssTrait {
/**
* Filters an HTML string to prevent XSS vulnerabilities.
*
* Like \Drupal\Component\Utility\Xss::filterAdmin(), but with a shorter list
* of allowed tags.
*
* Used for items entered by administrators, like field descriptions, allowed
* values, where some (mainly inline) mark-up may be desired (so
* \Drupal\Component\Utility\Html::escape() is not acceptable).
*
* @param string $string
* The string with raw HTML in it.
*
* @return \Drupal\Component\Utility\SafeMarkup
* An XSS safe version of $string, or an empty string if $string is not
* valid UTF-8.
*/
public function fieldFilterXss($string) {
return FieldFilteredMarkup::create($string);
}
/**
* Returns a list of tags allowed by AllowedTagsXssTrait::fieldFilterXss().
*/
public function allowedTags() {
return FieldFilteredMarkup::allowedTags();
}
/**
* Returns a human-readable list of allowed tags for display in help texts.
*/
public function displayAllowedTags() {
return FieldFilteredMarkup::displayAllowedTags();
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
AllowedTagsXssTrait:: |
public | function | Returns a list of tags allowed by AllowedTagsXssTrait::fieldFilterXss(). | |
AllowedTagsXssTrait:: |
public | function | Returns a human-readable list of allowed tags for display in help texts. | |
AllowedTagsXssTrait:: |
public | function | Filters an HTML string to prevent XSS vulnerabilities. |