trait AllowedTagsXssTrait

Useful methods when dealing with displaying allowed tags.

Deprecated

in drupal:8.0.0 and is removed from drupal:9.0.0. Use \Drupal\Core\Field\FieldFilteredMarkup instead.

See also

\Drupal\Core\Field\FieldFilteredMarkup

8 files declare their use of AllowedTagsXssTrait
AllowedTagsXssTraitDeprecateTest.php in core/tests/Drupal/Tests/Core/Field/AllowedTagsXssTraitDeprecateTest.php
FieldConfigEditForm.php in core/modules/field_ui/src/Form/FieldConfigEditForm.php
ListItemBase.php in core/modules/options/src/Plugin/Field/FieldType/ListItemBase.php
NumberListField.php in core/modules/options/src/Plugin/views/argument/NumberListField.php
NumericFormatterBase.php in core/lib/Drupal/Core/Field/Plugin/Field/FieldFormatter/NumericFormatterBase.php

... See full list

File

core/lib/Drupal/Core/Field/AllowedTagsXssTrait.php, line 13

Namespace

Drupal\Core\Field

Source

trait AllowedTagsXssTrait {
    
    /**
     * Filters an HTML string to prevent XSS vulnerabilities.
     *
     * Like \Drupal\Component\Utility\Xss::filterAdmin(), but with a shorter list
     * of allowed tags.
     *
     * Used for items entered by administrators, like field descriptions, allowed
     * values, where some (mainly inline) mark-up may be desired (so
     * \Drupal\Component\Utility\Html::escape() is not acceptable).
     *
     * @param string $string
     *   The string with raw HTML in it.
     *
     * @return \Drupal\Core\Field\FieldFilteredMarkup
     *   An XSS safe version of $string, or an empty string if $string is not
     *   valid UTF-8.
     */
    public function fieldFilterXss($string) {
        @trigger_error(__METHOD__ . ' is deprecated in drupal:8.0.0 and is removed in drupal:9.0.0. Use \\Drupal\\Core\\Field\\FieldFilteredMarkup::create() instead.', E_USER_DEPRECATED);
        return FieldFilteredMarkup::create($string);
    }
    
    /**
     * Returns a list of tags allowed by AllowedTagsXssTrait::fieldFilterXss().
     */
    public function allowedTags() {
        @trigger_error(__METHOD__ . ' is deprecated in drupal:8.0.0 and is removed in drupal:9.0.0. Use \\Drupal\\Core\\Field\\FieldFilteredMarkup::allowedTags() instead.', E_USER_DEPRECATED);
        return FieldFilteredMarkup::allowedTags();
    }
    
    /**
     * Returns a human-readable list of allowed tags for display in help texts.
     */
    public function displayAllowedTags() {
        @trigger_error(__METHOD__ . ' is deprecated in drupal:8.0.0 and is removed in drupal:9.0.0. Use \\Drupal\\Core\\Field\\FieldFilteredMarkup::displayAllowedTags() instead.', E_USER_DEPRECATED);
        return FieldFilteredMarkup::displayAllowedTags();
    }

}

Members

| Title | Modifiers | Object type | Summary |
| --- | --- | --- | --- |
| AllowedTagsXssTrait::allowedTags | public | function | Returns a list of tags allowed by AllowedTagsXssTrait::fieldFilterXss(). |
| AllowedTagsXssTrait::displayAllowedTags | public | function | Returns a human-readable list of allowed tags for display in help texts. |
| AllowedTagsXssTrait::fieldFilterXss | public | function | Filters an HTML string to prevent XSS vulnerabilities. |
