function FilterInterface::getHTMLRestrictions
Same name in other branches
- 8.9.x core/modules/filter/src/Plugin/FilterInterface.php \Drupal\filter\Plugin\FilterInterface::getHTMLRestrictions()
- 10 core/modules/filter/src/Plugin/FilterInterface.php \Drupal\filter\Plugin\FilterInterface::getHTMLRestrictions()
- 11.x core/modules/filter/src/Plugin/FilterInterface.php \Drupal\filter\Plugin\FilterInterface::getHTMLRestrictions()
Returns HTML allowed by this filter's configuration.
May be implemented by filters of the FilterInterface::TYPE_HTML_RESTRICTOR type, this won't be used for filters of other types; they should just return FALSE.
This callback function is only necessary for filters that strip away HTML tags (and possibly attributes) and allows other modules to gain insight in a generic manner into which HTML tags and attributes are allowed by a format.
Return value
array|false A nested array with *either* of the following keys:
- 'allowed': (optional) the allowed tags as keys, and for each of those
tags (keys) either of the following values:
- TRUE to indicate any attribute is allowed
- FALSE to indicate no attributes are allowed
- an array to convey attribute restrictions: the keys must be
attribute names (which may use a wildcard, e.g. "data-*"), the
possible values are similar to the above:
- TRUE to indicate any attribute value is allowed
- FALSE to indicate the attribute is forbidden
- an array to convey attribute value restrictions: the key must be attribute values (which may use a wildcard, e.g. "xsd:*"), the possible values are TRUE or FALSE: to mark the attribute value as allowed or forbidden, respectively
- 'forbidden_tags': (deprecated) the forbidden tags
There is one special case: the "wildcard tag", "*": any attribute restrictions on that pseudotag apply to all tags.
If no restrictions apply, then FALSE must be returned.
Here is a concrete example, for a very granular filter:
array(
'allowed' => array(
// Allows any attribute with any value on the <div> tag.
'div' => TRUE,
// Allows no attributes on the <p> tag.
'p' => FALSE,
// Allows the following attributes on the <a> tag:
// - 'href', with any value;
// - 'rel', with the value 'nofollow' value.
'a' => array(
'href' => TRUE,
'rel' => array(
'nofollow' => TRUE,
),
),
// Only allows the 'src' and 'alt' attributes on the <alt> tag,
// with any value.
'img' => array(
'src' => TRUE,
'alt' => TRUE,
),
// Allow RDFa on <span> tags, using only the dc, foaf, xsd and sioc
// vocabularies/namespaces.
'span' => array(
'property' => array(
'dc:*' => TRUE,
'foaf:*' => TRUE,
),
'datatype' => array(
'xsd:*' => TRUE,
),
'rel' => array(
'sioc:*' => TRUE,
),
),
// Forbid the 'style' and 'on*' ('onClick' etc.) attributes on any
// tag.
'*' => array(
'style' => FALSE,
'on*' => FALSE,
),
),
);
A simpler example, for a very coarse filter:
array(
'forbidden_tags' => array(
'iframe',
'script',
),
);
The simplest example possible: a filter that doesn't allow any HTML:
array(
'allowed' => array(),
);
And for a filter that applies no restrictions, i.e. allows any HTML:
FALSE;
See also
\Drupal\filter\Entity\FilterFormatInterface::getHtmlRestrictions()
1 method overrides FilterInterface::getHTMLRestrictions()
- FilterBase::getHTMLRestrictions in core/
modules/ filter/ src/ Plugin/ FilterBase.php - Returns HTML allowed by this filter's configuration.
File
-
core/
modules/ filter/ src/ Plugin/ FilterInterface.php, line 267
Class
- FilterInterface
- Defines the interface for text processing filter plugins.
Namespace
Drupal\filter\PluginCode
public function getHTMLRestrictions();
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.