function Renderer::xssFilterAdminIfUnsafe

Same name and namespace in other branches
  1. 8.9.x core/lib/Drupal/Core/Render/Renderer.php \Drupal\Core\Render\Renderer::xssFilterAdminIfUnsafe()
  2. 10 core/lib/Drupal/Core/Render/Renderer.php \Drupal\Core\Render\Renderer::xssFilterAdminIfUnsafe()
  3. 11.x core/lib/Drupal/Core/Render/Renderer.php \Drupal\Core\Render\Renderer::xssFilterAdminIfUnsafe()

Applies a very permissive XSS/HTML filter for admin-only use.

Note: This method only filters if $string is not marked safe already. This ensures that HTML intended for display is not filtered.

Parameters

string|\Drupal\Core\Render\Markup $string: A string.

Return value

\Drupal\Core\Render\Markup The escaped string wrapped in a Markup object. If the string is an instance of \Drupal\Component\Render\MarkupInterface, it won't be escaped again.

1 call to Renderer::xssFilterAdminIfUnsafe()
Renderer::doRender in core/lib/Drupal/Core/Render/Renderer.php
See the docs for ::render().

File

core/lib/Drupal/Core/Render/Renderer.php, line 710

Class

Renderer
Turns a render array into an HTML string.

Namespace

Drupal\Core\Render

Code

protected function xssFilterAdminIfUnsafe($string) {
    if (!$string instanceof MarkupInterface) {
        $string = Xss::filterAdmin($string);
    }
    return Markup::create($string);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.