function FilterInterface::getHTMLRestrictions

Same name and namespace in other branches
  1. 9 core/modules/filter/src/Plugin/FilterInterface.php \Drupal\filter\Plugin\FilterInterface::getHTMLRestrictions()
  2. 8.9.x core/modules/filter/src/Plugin/FilterInterface.php \Drupal\filter\Plugin\FilterInterface::getHTMLRestrictions()
  3. 10 core/modules/filter/src/Plugin/FilterInterface.php \Drupal\filter\Plugin\FilterInterface::getHTMLRestrictions()

Returns HTML allowed by this filter's configuration.

May be implemented by filters of the FilterInterface::TYPE_HTML_RESTRICTOR type, this won't be used for filters of other types; they should just return FALSE.

This callback function is only necessary for filters that strip away HTML tags (and possibly attributes) and allows other modules to gain insight in a generic manner into which HTML tags and attributes are allowed by a format.

Return value

array|false A nested array with the following structure:

  • 'allowed': the allowed tags as keys, and for each of those tags (keys) either of the following values:

    • TRUE to indicate any attribute is allowed
    • FALSE to indicate no attributes are allowed
    • an array to convey attribute restrictions: the keys must be attribute names (which may use a wildcard, e.g. "data-*"), the possible values are similar to the above:

      • TRUE to indicate any attribute value is allowed
      • FALSE to indicate the attribute is forbidden
      • an array to convey attribute value restrictions: the key must be attribute values (which may use a wildcard, e.g. "xsd:*"), the possible values are TRUE or FALSE: to mark the attribute value as allowed or forbidden, respectively

There is one special case: the "wildcard tag", "*": any attribute restrictions on that pseudotag apply to all tags.

If no restrictions apply, then FALSE must be returned.

Here is a concrete example, for a very granular filter:

[
    'allowed' => [
        // Allows any attribute with any value on the <div> tag.
'div' => TRUE,
        // Allows no attributes on the <p> tag.
'p' => FALSE,
        // Allows the following attributes on the <a> tag:
        //  - 'href', with any value;
        //  - 'rel', with the value 'nofollow' value.
'a' => [
            'href' => TRUE,
            'rel' => [
                'nofollow' => TRUE,
            ],
        ],
        // Only allows the 'src' and 'alt' attributes on the <alt> tag,
        // with any value.
'img' => [
            'src' => TRUE,
            'alt' => TRUE,
        ],
        // Forbid the 'style' and 'on*' ('onClick' etc.) attributes on any
        // tag.
'*' => [
            'style' => FALSE,
            'on*' => FALSE,
        ],
    ],
];

The simplest example possible: a filter that doesn't allow any HTML:

[
    'allowed' => [],
];

And for a filter that applies no restrictions, i.e. allows any HTML:

FALSE;

See also

\Drupal\filter\Entity\FilterFormatInterface::getHtmlRestrictions()

1 method overrides FilterInterface::getHTMLRestrictions()
FilterBase::getHTMLRestrictions in core/modules/filter/src/Plugin/FilterBase.php
Returns HTML allowed by this filter's configuration.

File

core/modules/filter/src/Plugin/FilterInterface.php, line 252

Class

FilterInterface
Defines the interface for text processing filter plugins.

Namespace

Drupal\filter\Plugin

Code

public function getHTMLRestrictions();

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.