/Drupal 8

class Xss

Provides helper to filter for cross-site scripting.


  • class \Drupal\Component\Utility\Xss

Related topics

Utility classes and functions
Overview of utility classes and functions for developers.


core/lib/Drupal/Component/Utility/Xss.php, line 10




Name Modifiers Type Description
Xss::$adminTags protected static property The list of HTML tags allowed by filterAdmin().
Xss::$htmlTags protected static property The default list of HTML tags allowed by filter().
Xss::attributes protected static function Processes a string of HTML attributes.
Xss::filter public static function Filters HTML to prevent cross-site-scripting (XSS) vulnerabilities.
Xss::filterAdmin public static function Applies a very permissive XSS/HTML filter for admin-only use.
Xss::getAdminTagList public static function Gets the list of HTML tags allowed by Xss::filterAdmin().
Xss::getHtmlTagList public static function Gets the standard list of HTML tags allowed by Xss::filter().
Xss::needsRemoval protected static function Whether this element needs to be removed altogether.
Xss::split protected static function Processes an HTML tag.

© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.