function Renderer::xssFilterAdminIfUnsafe
Same name in other branches
- 9 core/lib/Drupal/Core/Render/Renderer.php \Drupal\Core\Render\Renderer::xssFilterAdminIfUnsafe()
- 8.9.x core/lib/Drupal/Core/Render/Renderer.php \Drupal\Core\Render\Renderer::xssFilterAdminIfUnsafe()
- 11.x core/lib/Drupal/Core/Render/Renderer.php \Drupal\Core\Render\Renderer::xssFilterAdminIfUnsafe()
Applies a very permissive XSS/HTML filter for admin-only use.
Note: This method only filters if $string is not marked safe already. This ensures that HTML intended for display is not filtered.
Parameters
string|\Drupal\Core\Render\Markup $string: A string.
Return value
\Drupal\Core\Render\Markup The escaped string wrapped in a Markup object. If the string is an instance of \Drupal\Component\Render\MarkupInterface, it won't be escaped again.
1 call to Renderer::xssFilterAdminIfUnsafe()
- Renderer::doRender in core/
lib/ Drupal/ Core/ Render/ Renderer.php - See the docs for ::render().
File
-
core/
lib/ Drupal/ Core/ Render/ Renderer.php, line 799
Class
- Renderer
- Turns a render array into an HTML string.
Namespace
Drupal\Core\RenderCode
protected function xssFilterAdminIfUnsafe($string) {
if (!$string instanceof MarkupInterface) {
$string = Xss::filterAdmin($string);
}
return Markup::create($string);
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.