class FieldFilteredMarkup
Same name in other branches
- 9 core/lib/Drupal/Core/Field/FieldFilteredMarkup.php \Drupal\Core\Field\FieldFilteredMarkup
- 8.9.x core/lib/Drupal/Core/Field/FieldFilteredMarkup.php \Drupal\Core\Field\FieldFilteredMarkup
- 11.x core/lib/Drupal/Core/Field/FieldFilteredMarkup.php \Drupal\Core\Field\FieldFilteredMarkup
Defines an object that passes safe strings through the Field system.
This object filters the string using a very restrictive tag list when it is created.
@internal This object is marked as internal because it should only be used by the Field module and field-related plugins.
Hierarchy
- class \Drupal\Core\Field\FieldFilteredMarkup implements \Drupal\Component\Render\MarkupInterface, \Drupal\Core\Field\Countable uses \Drupal\Component\Render\MarkupTrait
Expanded class hierarchy of FieldFilteredMarkup
See also
12 files declare their use of FieldFilteredMarkup
- FieldConfigEditForm.php in core/
modules/ field_ui/ src/ Form/ FieldConfigEditForm.php - FieldFilteredMarkupTest.php in core/
tests/ Drupal/ Tests/ Core/ Field/ FieldFilteredMarkupTest.php - file.module in core/
modules/ file/ file.module - Defines a "managed_file" Form API field and a "file" field for Field module.
- ListFloatItem.php in core/
modules/ options/ src/ Plugin/ Field/ FieldType/ ListFloatItem.php - ListIntegerItem.php in core/
modules/ options/ src/ Plugin/ Field/ FieldType/ ListIntegerItem.php
File
-
core/
lib/ Drupal/ Core/ Field/ FieldFilteredMarkup.php, line 22
Namespace
Drupal\Core\FieldView source
final class FieldFilteredMarkup implements MarkupInterface, \Countable {
use MarkupTrait;
/**
* Overrides \Drupal\Component\Render\MarkupTrait::create().
*
* @return string|\Drupal\Component\Render\MarkupInterface
* A safe string filtered with the allowed tag list and normalized.
*
* @see \Drupal\Core\Field\FieldFilteredMarkup::allowedTags()
* @see \Drupal\Component\Utility\Xss::filter()
* @see \Drupal\Component\Utility\Html::normalize()
*/
public static function create($string) {
$string = (string) $string;
if ($string === '') {
return '';
}
$safe_string = new static();
// All known XSS vectors are filtered out by
// \Drupal\Component\Utility\Xss::filter(), all tags in the markup are
// allowed intentionally by the trait, and no danger is added in by
// \Drupal\Component\Utility\Html::normalize(). Since the normalized value
// is essentially the same markup, designate this string as safe as well.
// This method is an internal part of field sanitization, so the resultant,
// sanitized string should be printable as is.
$safe_string->string = Html::normalize(Xss::filter($string, static::allowedTags()));
return $safe_string;
}
/**
* Returns the allowed tag list.
*
* @return string[]
* A list of allowed tags.
*/
public static function allowedTags() {
return [
'a',
'b',
'big',
'code',
'del',
'em',
'i',
'ins',
'pre',
'q',
'small',
'span',
'strong',
'sub',
'sup',
'tt',
'ol',
'ul',
'li',
'p',
'br',
'img',
];
}
/**
* Returns a human-readable list of allowed tags for display in help texts.
*
* @return string
* A human-readable list of allowed tags for display in help texts.
*/
public static function displayAllowedTags() {
return '<' . implode('> <', static::allowedTags()) . '>';
}
}
Members
Title Sort descending | Modifiers | Object type | Summary | Overriden Title |
---|---|---|---|---|
FieldFilteredMarkup::allowedTags | public static | function | Returns the allowed tag list. | |
FieldFilteredMarkup::create | public static | function | Overrides \Drupal\Component\Render\MarkupTrait::create(). | Overrides MarkupTrait::create |
FieldFilteredMarkup::displayAllowedTags | public static | function | Returns a human-readable list of allowed tags for display in help texts. | |
MarkupTrait::$string | protected | property | The safe string. | |
MarkupTrait::count | public | function | Returns the string length. | |
MarkupTrait::jsonSerialize | public | function | Returns a representation of the object for use in JSON serialization. | |
MarkupTrait::__toString | public | function | Returns the string version of the Markup object. |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.