
public function AllowedTagsXssTrait::fieldFilterXss

public AllowedTagsXssTrait::fieldFilterXss($string)

Filters an HTML string to prevent XSS vulnerabilities.

Like \Drupal\Component\Utility\Xss::filterAdmin(), but with a shorter list of allowed tags.

Used for items entered by administrators, such as field descriptions and allowed values, where some (mainly inline) markup may be desired, so \Drupal\Component\Utility\Html::escape() is not acceptable.

Parameters

string $string: The string with raw HTML in it.

Return value

\Drupal\Component\Utility\SafeMarkup An XSS-safe version of $string, or an empty string if $string is not valid UTF-8.

File

core/lib/Drupal/Core/Field/AllowedTagsXssTrait.php, line 32

Class

AllowedTagsXssTrait
Useful methods when dealing with displaying allowed tags.

Namespace

Drupal\Core\Field

Code

public function fieldFilterXss($string) {
  return FieldFilteredMarkup::create($string);
}
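As an added example (not code from this page or from Drupal core), the form class below from a hypothetical custom module uses the trait so that an administrator-entered field description keeps its inline markup while script tags are stripped; the module name, class name, form id and the constructed input string are assumptions, and the example assumes FieldFilteredMarkup's allowed-tag list permits <em> but not <script>.

```php
<?php
// Added example; not part of Drupal core or of the API page. The module and
// class names are hypothetical, and the description string is constructed.

namespace Drupal\example_module\Form;

use Drupal\Core\Field\AllowedTagsXssTrait;
use Drupal\Core\Form\FormBase;
use Drupal\Core\Form\FormStateInterface;

class FieldHelpForm extends FormBase {
  use AllowedTagsXssTrait;

  public function getFormId() {
    return 'example_field_help_form';
  }

  public function buildForm(array $form, FormStateInterface $form_state) {
    // Constructed admin-entered description that mixes wanted inline markup
    // with an injected script element.
    $description = 'Enter a <em>display name</em>.<script>alert(1)</script>';

    $form['name'] = [
      '#type' => 'textfield',
      '#title' => $this->t('Display name'),
      // fieldFilterXss() returns a MarkupInterface object, so the render
      // system treats it as already safe and does not escape it a second
      // time. The <em> tag is kept; the <script> tags are stripped and only
      // their inner text remains as plain text.
      '#description' => $this->fieldFilterXss($description),
    ];

    // The same filtered value can be placed directly in '#markup'.
    $form['hint'] = [
      '#markup' => $this->fieldFilterXss($description),
    ];

    $form['submit'] = ['#type' => 'submit', '#value' => $this->t('Save')];
    return $form;
  }

  public function submitForm(array &$form, FormStateInterface $form_state) {}
}
```

Passing the raw $description into '#description' without the filter would let the render system escape it, turning the intended <em> into visible literal text, whereas using fieldFilterXss() keeps that markup and removes the dangerous tags.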

© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/core!lib!Drupal!Core!Field!AllowedTagsXssTrait.php/function/AllowedTagsXssTrait::fieldFilterXss/8.1.x