function AllowedTagsXssTrait::fieldFilterXss
Filters an HTML string to prevent XSS vulnerabilities.
Like \Drupal\Component\Utility\Xss::filterAdmin(), but with a shorter list of allowed tags.
Used for items entered by administrators, such as field descriptions and allowed values, where some (mainly inline) mark-up may be desired (so \Drupal\Component\Utility\Html::escape() is not acceptable).
Parameters
string $string: The string with raw HTML in it.
Return value
\Drupal\Core\Field\FieldFilteredMarkup: An XSS-safe version of $string, or an empty string if $string is not valid UTF-8.
File
core/lib/Drupal/Core/Field/AllowedTagsXssTrait.php, line 32
Class
AllowedTagsXssTrait: Useful methods when dealing with displaying allowed tags.
Namespace
Drupal\Core\Field
Code
public function fieldFilterXss($string) {
  @trigger_error(__METHOD__ . ' is deprecated in drupal:8.0.0 and is removed in drupal:9.0.0. Use \\Drupal\\Core\\Field\\FieldFilteredMarkup::create() instead.', E_USER_DEPRECATED);
  return FieldFilteredMarkup::create($string);
}
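The contrast the description draws between Html::escape(), Xss::filterAdmin() and the shorter field allow-list, as an added example that is not Drupal core code: it runs a constructed field description through all three and reports which tags each keeps, calling FieldFilteredMarkup::create() directly as the deprecation notice advises. The autoload.php location, the surviving_tags() helper and the sample markup are assumptions made for illustration.

```php
<?php
// Added example, not Drupal core code. Assumes this file sits in the root of
// a Drupal 8 code base so that autoload.php resolves (path is an assumption).
require __DIR__ . '/autoload.php';

use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\Xss;
use Drupal\Core\Field\FieldFilteredMarkup;

/**
 * Hypothetical helper: element names still present as opening tags in $html.
 */
function surviving_tags(string $html): array {
  preg_match_all('/<([a-z][a-z0-9]*)\b/i', $html, $m);
  $tags = array_unique(array_map('strtolower', $m[1]));
  sort($tags);
  return $tags;
}

// Constructed sample: a field description as an administrator might enter it,
// mixing inline tags, block tags, an event-handler attribute and a script.
$description = '<h2>Price</h2><div class="note">Enter the <em>net</em> amount, '
  . 'see <a href="/help" onclick="track()">help</a>.</div>'
  . '<script>track()</script>';

$results = [
  // Escapes everything: safe, but the inline mark-up is lost.
  'Html::escape()' => Html::escape($description),
  // Broad admin allow-list.
  'Xss::filterAdmin()' => Xss::filterAdmin($description),
  // Replacement for the deprecated $this->fieldFilterXss($description).
  'FieldFilteredMarkup::create()' => (string) FieldFilteredMarkup::create($description),
];

foreach ($results as $label => $output) {
  $kept = implode(', ', surviving_tags($output)) ?: '(none)';
  printf("%s\n  tags kept: %s\n  output: %s\n\n", $label, $kept, $output);
}

// Tags in the sample that filterAdmin() keeps but the field allow-list drops.
$only_admin = array_diff(
  surviving_tags($results['Xss::filterAdmin()']),
  FieldFilteredMarkup::allowedTags()
);
printf("Kept by filterAdmin() only: %s\n", implode(', ', $only_admin));
printf("Field allow-list: %s\n", FieldFilteredMarkup::displayAllowedTags());
```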