function FieldFilteredMarkup::create

Same name in other branches
  1. 8.9.x core/lib/Drupal/Core/Field/FieldFilteredMarkup.php \Drupal\Core\Field\FieldFilteredMarkup::create()
  2. 10 core/lib/Drupal/Core/Field/FieldFilteredMarkup.php \Drupal\Core\Field\FieldFilteredMarkup::create()
  3. 11.x core/lib/Drupal/Core/Field/FieldFilteredMarkup.php \Drupal\Core\Field\FieldFilteredMarkup::create()

Overrides \Drupal\Component\Render\MarkupTrait::create().

Return value

string|\Drupal\Component\Render\MarkupInterface A safe string filtered with the allowed tag list and normalized.

Overrides MarkupTrait::create

See also

\Drupal\Core\Field\FieldFilteredMarkup::allowedTags()

\Drupal\Component\Utility\Xss::filter()

\Drupal\Component\Utility\Html::normalize()

7 calls to FieldFilteredMarkup::create()
FieldFilteredMarkupTest::testCreate in core/tests/Drupal/Tests/Core/Field/FieldFilteredMarkupTest.php
@covers ::create @dataProvider providerTestCreate
NumberListField::summaryName in core/modules/options/src/Plugin/views/argument/NumberListField.php
Provides the name to use for the summary, defaults to the name field.
NumberWidget::formElement in core/lib/Drupal/Core/Field/Plugin/Field/FieldWidget/NumberWidget.php
Returns the form for a single field widget.
OptionsWidgetBase::sanitizeLabel in core/lib/Drupal/Core/Field/Plugin/Field/FieldWidget/OptionsWidgetBase.php
Sanitizes a string label to display as an option.
StringListField::summaryName in core/modules/options/src/Plugin/views/argument/StringListField.php
Provides the name to use for the summary, defaults to the name field.

... See full list

File

core/lib/Drupal/Core/Field/FieldFilteredMarkup.php, line 35

Class

FieldFilteredMarkup
Defines an object that passes safe strings through the Field system.

Namespace

Drupal\Core\Field

Code

public static function create($string) {
    $string = (string) $string;
    if ($string === '') {
        return '';
    }
    $safe_string = new static();
    // All known XSS vectors are filtered out by
    // \Drupal\Component\Utility\Xss::filter(), all tags in the markup are
    // allowed intentionally by the trait, and no danger is added in by
    // \Drupal\Component\Utility\HTML::normalize(). Since the normalized value
    // is essentially the same markup, designate this string as safe as well.
    // This method is an internal part of field sanitization, so the resultant,
    // sanitized string should be printable as is.
    $safe_string->string = Html::normalize(Xss::filter($string, static::allowedTags()));
    return $safe_string;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.