Sanitization functions
Same name in other branches
- 8.9.x core/includes/common.inc \sanitization
Functions to sanitize values.
See http://drupal.org/writing-secure-code for information on writing secure code.
File
-
includes/
common.inc, line 1418
Functions
| Title Sort descending | File name | Summary |
|---|---|---|
| check_markup | modules/ |
Runs all the enabled filters on a piece of text. |
| check_plain | includes/ |
Encodes special characters in a plain-text string for display as HTML. |
| check_url | includes/ |
Strips dangerous protocols from a URI and encodes it for output to HTML. |
| drupal_attributes | includes/ |
Converts an associative array to an XML/HTML tag attribute string. |
| drupal_strip_dangerous_protocols | includes/ |
Strips dangerous protocols (e.g. 'javascript:') from a URI. |
| filter_xss | includes/ |
Filters HTML to prevent cross-site-scripting (XSS) vulnerabilities. |
| filter_xss_admin | includes/ |
Applies a very permissive XSS/HTML filter for admin-only use. |
| filter_xss_bad_protocol | includes/ |
Processes an HTML attribute value and strips dangerous protocols from URLs. |
| format_string | includes/ |
Formats a string for HTML display by replacing variable placeholders. |
| get_t | includes/ |
Returns the name of the proper localization function. |
| st | includes/ |
Translates a string when some systems are not available. |
| t | includes/ |
Translates a string to the current language or to a given language. |
| _filter_xss_attributes | includes/ |
Processes a string of HTML attributes. |
| _filter_xss_split | includes/ |
Processes an HTML tag. |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.