function FieldFilteredMarkup::create
Same name in other branches
- 9 core/lib/Drupal/Core/Field/FieldFilteredMarkup.php \Drupal\Core\Field\FieldFilteredMarkup::create()
- 8.9.x core/lib/Drupal/Core/Field/FieldFilteredMarkup.php \Drupal\Core\Field\FieldFilteredMarkup::create()
- 11.x core/lib/Drupal/Core/Field/FieldFilteredMarkup.php \Drupal\Core\Field\FieldFilteredMarkup::create()
Overrides \Drupal\Component\Render\MarkupTrait::create().
Return value
string|\Drupal\Component\Render\MarkupInterface A safe string filtered with the allowed tag list and normalized.
See also
\Drupal\Core\Field\FieldFilteredMarkup::allowedTags()
\Drupal\Component\Utility\Xss::filter()
\Drupal\Component\Utility\Html::normalize()
7 calls to FieldFilteredMarkup::create()
- FieldFilteredMarkupTest::testCreate in core/tests/Drupal/Tests/Core/Field/FieldFilteredMarkupTest.php - @covers ::create @dataProvider providerTestCreate
- NumberListField::summaryName in core/modules/options/src/Plugin/views/argument/NumberListField.php - Provides the name to use for the summary, defaults to the name field.
- NumberWidget::formElement in core/lib/Drupal/Core/Field/Plugin/Field/FieldWidget/NumberWidget.php - Returns the form for a single field widget.
- OptionsWidgetBase::sanitizeLabel in core/lib/Drupal/Core/Field/Plugin/Field/FieldWidget/OptionsWidgetBase.php - Sanitizes a string label to display as an option.
- StringListField::summaryName in core/modules/options/src/Plugin/views/argument/StringListField.php - Provides the name to use for the summary, defaults to the name field.
File
- core/lib/Drupal/Core/Field/FieldFilteredMarkup.php, line 35
Class
- FieldFilteredMarkup
- Defines an object that passes safe strings through the Field system.
Namespace
Drupal\Core\Field
Code
public static function create($string) {
  $string = (string) $string;
  if ($string === '') {
    return '';
  }
  $safe_string = new static();
  // All known XSS vectors are filtered out by
  // \Drupal\Component\Utility\Xss::filter(), all tags in the markup are
  // allowed intentionally by the trait, and no danger is added in by
  // \Drupal\Component\Utility\Html::normalize(). Since the normalized value
  // is essentially the same markup, designate this string as safe as well.
  // This method is an internal part of field sanitization, so the resultant,
  // sanitized string should be printable as is.
  $safe_string->string = Html::normalize(Xss::filter($string, static::allowedTags()));
  return $safe_string;
}
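An added example, not Drupal core code: it runs constructed labels through FieldFilteredMarkup::create() and re-parses each result independently to confirm that only allowedTags() elements remain and that no on*, style or script-scheme attributes survive. The helper name audit_filtered_markup() and the autoloader path are assumptions; the empty-string sample shows the plain-string branch of the return type.

```php
<?php
// Added example, not Drupal core. Autoloader path is an assumption (Composer-installed Drupal).
require __DIR__ . '/vendor/autoload.php';

use Drupal\Component\Render\MarkupInterface;
use Drupal\Core\Field\FieldFilteredMarkup;

/**
 * Hypothetical helper: re-parses filtered markup and reports anything that
 * falls outside the allowlist or carries a script-capable attribute.
 */
function audit_filtered_markup(string $html, array $allowed_tags): array {
  if ($html === '') {
    return [];
  }
  $problems = [];
  libxml_use_internal_errors(TRUE);
  $doc = new \DOMDocument();
  // A known wrapper lets the query skip the html/body nodes libxml adds.
  $doc->loadHTML('<div id="audit-root">' . $html . '</div>');
  $xpath = new \DOMXPath($doc);
  foreach ($xpath->query('//div[@id="audit-root"]//*') as $element) {
    if (!in_array($element->nodeName, $allowed_tags, TRUE)) {
      $problems[] = "tag <{$element->nodeName}>";
    }
    foreach ($element->attributes as $attr) {
      $scheme = in_array($attr->nodeName, ['href', 'src'], TRUE)
        && preg_match('/^\s*(javascript|data|vbscript):/i', $attr->nodeValue);
      if (stripos($attr->nodeName, 'on') === 0 || $attr->nodeName === 'style' || $scheme) {
        $problems[] = "attribute {$attr->nodeName} on <{$element->nodeName}>";
      }
    }
  }
  return $problems;
}

// Constructed sample labels; none come from the page.
$samples = [
  '',
  '<em>Unclosed emphasis',
  '<script>alert(1)</script>Price',
  '<img src="logo.png" onerror="alert(1)"> Brand',
  '<a href="javascript:alert(1)" style="color:red">Link</a>',
];
foreach ($samples as $raw) {
  $out = FieldFilteredMarkup::create($raw);
  $type = $out instanceof MarkupInterface ? 'MarkupInterface' : gettype($out);
  $problems = audit_filtered_markup((string) $out, FieldFilteredMarkup::allowedTags());
  printf("%s\n  -> %s (%s) %s\n", $raw, $out, $type, $problems ? 'FAIL: ' . implode(', ', $problems) : 'ok');
}
```

The audit only covers HTML element content, the context the method's inline comment describes as "printable as is"; a value placed into an attribute or a script block needs escaping for that context.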