interface EditorXssFilterInterface
Same name in other branches
- 8.9.x core/modules/editor/src/EditorXssFilterInterface.php \Drupal\editor\EditorXssFilterInterface
- 10 core/modules/editor/src/EditorXssFilterInterface.php \Drupal\editor\EditorXssFilterInterface
- 11.x core/modules/editor/src/EditorXssFilterInterface.php \Drupal\editor\EditorXssFilterInterface
Defines an interface for text editor XSS (Cross-site scripting) filters.
Hierarchy
- interface \Drupal\editor\EditorXssFilterInterface
Expanded class hierarchy of EditorXssFilterInterface
All classes that implement EditorXssFilterInterface
2 files declare their use of EditorXssFilterInterface
- Insecure.php in core/
modules/ editor/ tests/ modules/ editor_test/ src/ EditorXssFilter/ Insecure.php - Standard.php in core/
modules/ editor/ src/ EditorXssFilter/ Standard.php
File
-
core/
modules/ editor/ src/ EditorXssFilterInterface.php, line 10
Namespace
Drupal\editorView source
interface EditorXssFilterInterface {
/**
* Filters HTML to prevent XSS attacks when a user edits it in a text editor.
*
* Should filter as minimally as possible, only to remove XSS attack vectors.
*
* Is only called when:
* - loading a non-XSS-safe text editor for a $format that contains a filter
* preventing XSS attacks (a FilterInterface::TYPE_HTML_RESTRICTOR filter):
* if the output is safe, it should also be safe to edit.
* - loading a non-XSS-safe text editor for a $format that doesn't contain a
* filter preventing XSS attacks, but we're switching from a previous text
* format ($original_format is not NULL) that did prevent XSS attacks: if
* the output was previously safe, it should be safe to switch to another
* text format and edit.
*
* @param string $html
* The HTML to be filtered.
* @param \Drupal\filter\FilterFormatInterface $format
* The text format configuration entity. Provides context based upon which
* one may want to adjust the filtering.
* @param \Drupal\filter\FilterFormatInterface|null $original_format
* (optional) The original text format configuration entity (when switching
* text formats/editors). Also provides context based upon which one may
* want to adjust the filtering.
*
* @return string
* The filtered HTML that cannot cause any XSSes anymore.
*/
public static function filterXss($html, FilterFormatInterface $format, FilterFormatInterface $original_format = NULL);
}
Members
Title Sort descending | Modifiers | Object type | Summary | Overrides |
---|---|---|---|---|
EditorXssFilterInterface::filterXss | public static | function | Filters HTML to prevent XSS attacks when a user edits it in a text editor. | 2 |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.