trait AllowedTagsXssTrait
Useful methods when dealing with displaying allowed tags.
Hierarchy
- trait \Drupal\Core\Field\AllowedTagsXssTrait
Deprecated
in drupal:8.0.0 and is removed from drupal:9.0.0. Use \Drupal\Core\Field\FieldFilteredMarkup instead.
See also
\Drupal\Core\Field\FieldFilteredMarkup
8 files declare their use of AllowedTagsXssTrait
- AllowedTagsXssTraitDeprecateTest.php in core/
tests/ Drupal/ Tests/ Core/ Field/ AllowedTagsXssTraitDeprecateTest.php - FieldConfigEditForm.php in core/
modules/ field_ui/ src/ Form/ FieldConfigEditForm.php - ListItemBase.php in core/
modules/ options/ src/ Plugin/ Field/ FieldType/ ListItemBase.php - NumberListField.php in core/
modules/ options/ src/ Plugin/ views/ argument/ NumberListField.php - NumericFormatterBase.php in core/
lib/ Drupal/ Core/ Field/ Plugin/ Field/ FieldFormatter/ NumericFormatterBase.php
File
-
core/
lib/ Drupal/ Core/ Field/ AllowedTagsXssTrait.php, line 13
Namespace
Drupal\Core\FieldView source
trait AllowedTagsXssTrait {
/**
* Filters an HTML string to prevent XSS vulnerabilities.
*
* Like \Drupal\Component\Utility\Xss::filterAdmin(), but with a shorter list
* of allowed tags.
*
* Used for items entered by administrators, like field descriptions, allowed
* values, where some (mainly inline) mark-up may be desired (so
* \Drupal\Component\Utility\Html::escape() is not acceptable).
*
* @param string $string
* The string with raw HTML in it.
*
* @return \Drupal\Core\Field\FieldFilteredMarkup
* An XSS safe version of $string, or an empty string if $string is not
* valid UTF-8.
*/
public function fieldFilterXss($string) {
@trigger_error(__METHOD__ . ' is deprecated in drupal:8.0.0 and is removed in drupal:9.0.0. Use \\Drupal\\Core\\Field\\FieldFilteredMarkup::create() instead.', E_USER_DEPRECATED);
return FieldFilteredMarkup::create($string);
}
/**
* Returns a list of tags allowed by AllowedTagsXssTrait::fieldFilterXss().
*/
public function allowedTags() {
@trigger_error(__METHOD__ . ' is deprecated in drupal:8.0.0 and is removed in drupal:9.0.0. Use \\Drupal\\Core\\Field\\FieldFilteredMarkup::allowedTags() instead.', E_USER_DEPRECATED);
return FieldFilteredMarkup::allowedTags();
}
/**
* Returns a human-readable list of allowed tags for display in help texts.
*/
public function displayAllowedTags() {
@trigger_error(__METHOD__ . ' is deprecated in drupal:8.0.0 and is removed in drupal:9.0.0. Use \\Drupal\\Core\\Field\\FieldFilteredMarkup::displayAllowedTags() instead.', E_USER_DEPRECATED);
return FieldFilteredMarkup::displayAllowedTags();
}
}
Members
Title Sort descending | Modifiers | Object type | Summary |
---|---|---|---|
AllowedTagsXssTrait::allowedTags | public | function | Returns a list of tags allowed by AllowedTagsXssTrait::fieldFilterXss(). |
AllowedTagsXssTrait::displayAllowedTags | public | function | Returns a human-readable list of allowed tags for display in help texts. |
AllowedTagsXssTrait::fieldFilterXss | public | function | Filters an HTML string to prevent XSS vulnerabilities. |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.