public static FieldFilteredMarkup::create($string)
Overrides \Drupal\Component\Render\MarkupTrait::create().
string|\Drupal\Component\Render\MarkupInterface A safe string filtered with the allowed tag list and normalized.
Overrides MarkupTrait::create
\Drupal\Core\Field\FieldFilteredMarkup::allowedTags()
\Drupal\Component\Utility\Xss::filter()
\Drupal\Component\Utility\Html::normalize()
public static function create($string) { $string = (string) $string; if ($string === '') { return ''; } $safe_string = new static(); // All known XSS vectors are filtered out by // \Drupal\Component\Utility\Xss::filter(), all tags in the markup are // allowed intentionally by the trait, and no danger is added in by // \Drupal\Component\Utility\HTML::normalize(). Since the normalized value // is essentially the same markup, designate this string as safe as well. // This method is an internal part of field sanitization, so the resultant, // sanitized string should be printable as is. $safe_string->string = Html::normalize(Xss::filter($string, static::allowedTags())); return $safe_string; }
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/core!lib!Drupal!Core!Field!FieldFilteredMarkup.php/function/FieldFilteredMarkup::create/8.1.x