public static function Xss::filterAdmin

public static Xss::filterAdmin($string)

Applies a very permissive XSS/HTML filter for admin-only use.

Use only for fields where it is impractical to use the whole filter system, but where some (mainly inline) mark-up is desired (so \Drupal\Component\Utility\Html::escape() is not acceptable).

Allows all tags that can be used inside an HTML body, save for scripts and styles.

Parameters

string $string: The string to apply the filter to.

Return value

string The filtered string.

See also

\Drupal\Component\Utility\Xss::getAdminTagList()

Related topics

Sanitization functions
Functions to sanitize values.

File

core/lib/Drupal/Component/Utility/Xss.php, line 120

Class

Xss
Provides helper to filter for cross-site scripting.

Namespace

Drupal\Component\Utility

Code

public static function filterAdmin($string) {
  return static::filter($string, static::$adminTags);
}
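
The following added example (not Drupal core code and not from the original page) contrasts `Xss::filterAdmin()` with `Html::escape()` on the same input and checks that the admin tag list excludes scripts and styles. `example_render_description()` is a hypothetical helper, the `vendor/autoload.php` path assumes a Composer autoloader that provides `Drupal\Component\Utility`, and the sample strings are constructed.

```php
<?php
// Added example, not Drupal core code.
// Assumption: a Composer autoloader that provides Drupal\Component\Utility.
require __DIR__ . '/vendor/autoload.php';

use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\Xss;

/**
 * Hypothetical helper: choose the sanitizer from the trust level of the author.
 *
 * @param string $text       Raw text from a form field.
 * @param bool   $from_admin TRUE only when the field is editable solely by
 *                           administrators.
 *
 * @return string Markup that is safe to print into an HTML body.
 */
function example_render_description($text, $from_admin) {
  // Admin-only text keeps inline mark-up; everything else is fully escaped.
  return $from_admin ? Xss::filterAdmin($text) : Html::escape($text);
}

// Guard the property the documentation states: no scripts, no styles.
$forbidden = array_intersect(['script', 'style'], Xss::getAdminTagList());
if ($forbidden) {
  throw new \RuntimeException('Unexpected admin tags: ' . implode(', ', $forbidden));
}

// Constructed sample inputs.
$samples = [
  'inline mark-up' => 'Shown on the <em>status</em> page.<br>See <a href="/help">help</a>.',
  'script element' => 'Hello <script>alert(1)</script> world',
  'style element'  => '<style>body { display: none }</style>Visible text',
];

foreach ($samples as $label => $raw) {
  echo "== $label ==\n";
  echo 'filterAdmin : ', example_render_description($raw, TRUE), "\n";
  echo 'Html::escape: ', example_render_description($raw, FALSE), "\n\n";
}
```

Text that users without an administrative role can edit should take the `Html::escape()` branch or go through the full filter system, because the admin filter is deliberately permissive.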

© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/core!lib!Drupal!Component!Utility!Xss.php/function/Xss::filterAdmin/8.1.x