Drupal 8  8.0.2
FilterHtml Class Reference

Public Member Functions

 settingsForm (array $form, FormStateInterface $form_state)
 
 setConfiguration (array $configuration)
 
 process ($text, $langcode)
 
 filterAttributes ($text)
 
 getHTMLRestrictions ()
 
 tips ($long=FALSE)
 
- Public Member Functions inherited from FilterBase
 __construct (array $configuration, $plugin_id, $plugin_definition)
 
 setConfiguration (array $configuration)
 
 getConfiguration ()
 
 defaultConfiguration ()
 
 calculateDependencies ()
 
 getType ()
 
 getLabel ()
 
 getDescription ()
 
 settingsForm (array $form, FormStateInterface $form_state)
 
 prepare ($text, $langcode)
 
 getHTMLRestrictions ()
 
 tips ($long=FALSE)
 
- Public Member Functions inherited from PluginInspectionInterface
 getPluginId ()
 
 getPluginDefinition ()
 

Protected Member Functions

 filterElementAttributes (\DOMElement $element, array $allowed_attributes)
 
 findAllowedValue (array $allowed, $name)
 
 prepareAttributeValues ($attribute_values)
 

Protected Attributes

 $restrictions
 
- Protected Attributes inherited from FilterBase
 $plugin_id
 
 $collection
 

Additional Inherited Members

- Data Fields inherited from FilterBase
 $provider
 
 $status = FALSE
 
 $weight = 0
 
 $settings = array()
 
- Data Fields inherited from FilterInterface
const TYPE_MARKUP_LANGUAGE = 0
 
const TYPE_HTML_RESTRICTOR = 1
 
const TYPE_TRANSFORM_REVERSIBLE = 2
 
const TYPE_TRANSFORM_IRREVERSIBLE = 3
 

Detailed Description

Provides a filter to limit allowed HTML tags.

The attributes in the annotation show examples of allowing all attributes by only having the attribute name, or allowing a fixed list of values, or allowing a value with a wildcard prefix.

    @Filter(
      id = "filter_html",
      title = @Translation("Limit allowed HTML tags and correct faulty HTML"),
      type = Drupal\filter\Plugin\FilterInterface::TYPE_HTML_RESTRICTOR,
      settings = {
        "allowed_html" = "<a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type='1 A I'> <li> <dl> <dt> <dd> <h2 id='jump-*'> <h3 id> <h4 id> <h5 id> <h6 id>",
        "filter_html_help" = TRUE,
        "filter_html_nofollow" = FALSE
      },
      weight = -10
    )

Member Function Documentation

filterAttributes ($text)

Provides filtering of tag attributes into accepted HTML.

Parameters
string $text: The HTML text string to be filtered.
Returns
string Filtered HTML with attributes filtered according to the settings.

References FilterHtml\filterElementAttributes(), FilterHtml\getHTMLRestrictions(), Html\load(), FilterHtml\prepareAttributeValues(), and Html\serialize().

Referenced by FilterHtml\process().

filterElementAttributes (\DOMElement $element, array $allowed_attributes)
protected

Filter attributes on an element by name and value according to a whitelist.

Parameters
\DOMElement $element: The element to be processed.
array $allowed_attributes: The attributes whitelist as an array of names and values.

References FilterHtml\findAllowedValue().

Referenced by FilterHtml\filterAttributes().

findAllowedValue (array $allowed, $name)
protected

Helper function to handle prefix matching.

Parameters
array $allowed: Array of allowed names and prefixes.
string $name: The name to find or match against a prefix.
Returns
bool|array

Referenced by FilterHtml\filterElementAttributes().

getHTMLRestrictions ()

Returns HTML allowed by this filter's configuration.

May be implemented by filters of the FilterInterface::TYPE_HTML_RESTRICTOR type. It is not used for filters of other types; they should just return FALSE.

This callback function is only necessary for filters that strip away HTML tags (and possibly attributes). It allows other modules to gain insight, in a generic manner, into which HTML tags and attributes are allowed by a format.

Returns
array|FALSE A nested array with either of the following keys:
  • 'allowed': (optional) the allowed tags as keys, and for each of those tags (keys) either of the following values:
    • TRUE to indicate any attribute is allowed
    • FALSE to indicate no attributes are allowed
    • an array to convey attribute restrictions: the keys must be attribute names (which may use a wildcard, e.g. "data-*"), the possible values are similar to the above:
      • TRUE to indicate any attribute value is allowed
      • FALSE to indicate the attribute is forbidden
      • an array to convey attribute value restrictions: the keys must be attribute values (which may use a wildcard, e.g. "xsd:*"), the possible values are TRUE or FALSE, to mark the attribute value as allowed or forbidden, respectively
  • 'forbidden_tags': (optional) the forbidden tags

There is one special case: the "wildcard tag", "*": any attribute restrictions on that pseudotag apply to all tags.

If no restrictions apply, then FALSE must be returned.

Here is a concrete example, for a very granular filter:

    array(
      'allowed' => array(
        // Allows any attribute with any value on the <div> tag.
        'div' => TRUE,
        // Allows no attributes on the <p> tag.
        'p' => FALSE,
        // Allows the following attributes on the <a> tag:
        // - 'href', with any value;
        // - 'rel', with the value 'nofollow'.
        'a' => array(
          'href' => TRUE,
          'rel' => array('nofollow' => TRUE),
        ),
        // Only allows the 'src' and 'alt' attributes on the <img> tag,
        // with any value.
        'img' => array(
          'src' => TRUE,
          'alt' => TRUE,
        ),
        // Allow RDFa on <span> tags, using only the dc, foaf, xsd and sioc
        // vocabularies/namespaces.
        'span' => array(
          'property' => array('dc:*' => TRUE, 'foaf:*' => TRUE),
          'datatype' => array('xsd:*' => TRUE),
          'rel' => array('sioc:*' => TRUE),
        ),
        // Forbid the 'style' and 'on*' ('onClick' etc.) attributes on any
        // tag.
        '*' => array(
          'style' => FALSE,
          'on*' => FALSE,
        ),
      )
    )

A simpler example, for a very coarse filter:

    array(
      'forbidden_tags' => array('iframe', 'script')
    )

The simplest example possible: a filter that doesn't allow any HTML:

    array(
      'allowed' => array()
    )

And for a filter that applies no restrictions, i.e. allows any HTML:

    FALSE

See Also
::getHtmlRestrictions()

Implements FilterInterface.

References Html\load().

Referenced by FilterHtml\filterAttributes().

prepareAttributeValues ($attribute_values)
protected

Helper function to prepare attribute values including wildcards.

Splits the values into two lists, one for values that must match exactly and the other for values that are wildcard prefixes.

Parameters
bool|array $attribute_values: TRUE, FALSE, or an array of allowed values.
Returns
bool|array

Referenced by FilterHtml\filterAttributes().
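
The restriction array documented under getHTMLRestrictions() and the exact/wildcard-prefix matching described for findAllowedValue() and prepareAttributeValues() can be exercised with the following added example, which is not Drupal's own implementation. The function names are hypothetical, the rules and markup are constructed, and it assumes that a FALSE rule on the "*" pseudotag takes precedence and that an attribute value is matched as a whole string.

```php
<?php
// Rule lookup: exact key first, then any "prefix*" key; NULL if unlisted.
function match_rule(array $rules, string $needle) {
  if (array_key_exists($needle, $rules)) {
    return $rules[$needle];
  }
  foreach ($rules as $key => $rule) {
    $prefix = rtrim((string) $key, '*');
    if ($prefix !== (string) $key && strncmp($needle, $prefix, strlen($prefix)) === 0) {
      return $rule;
    }
  }
  return NULL;
}

function attribute_allowed(array $allowed, string $tag, string $name, string $value): bool {
  // Assumed precedence: a FALSE rule on the "*" pseudotag always wins.
  if (match_rule((array) ($allowed['*'] ?? []), $name) === FALSE) {
    return FALSE;
  }
  $tag_rules = $allowed[$tag] ?? FALSE;
  if (is_bool($tag_rules)) {
    return $tag_rules; // TRUE: any attribute; FALSE: none.
  }
  $rule = match_rule($tag_rules, $name);
  // Array rule: the whole attribute value must match an allowed value.
  return is_array($rule) ? match_rule($rule, $value) === TRUE : $rule === TRUE;
}

function filter_fragment_attributes(string $html, array $allowed): string {
  $doc = new DOMDocument();
  @$doc->loadHTML('<html><body>' . $html . '</body></html>');
  foreach ($doc->getElementsByTagName('*') as $el) {
    // Snapshot first: removing from the live attribute map skips entries.
    foreach (iterator_to_array($el->attributes, FALSE) as $attr) {
      if (!attribute_allowed($allowed, $el->nodeName, $attr->nodeName, $attr->nodeValue)) {
        $el->removeAttribute($attr->nodeName);
      }
    }
  }
  // The returned markup keeps the <body> wrapper added above.
  return $doc->saveHTML($doc->getElementsByTagName('body')->item(0));
}

// Constructed rules and input.
$allowed = ['p' => FALSE, 'div' => TRUE, 'a' => ['href' => TRUE, 'rel' => ['nofollow' => TRUE]],
  'span' => ['property' => ['dc:*' => TRUE]], '*' => ['style' => FALSE, 'on*' => FALSE]];
echo filter_fragment_attributes('<p class="x">t</p><a href="/n" rel="me" onclick="f()">l</a>'
  . '<span property="dc:title" rel="x">s</span><div id="d" style="color:red">b</div>', $allowed), "\n";
```

Because `'href' => TRUE` accepts any value, URL scheme checks are a separate step from this attribute whitelist.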

process ($text, $langcode)

Performs the filter processing.

Parameters
string $text: The text string to be filtered.
string $langcode: The language code of the text to be filtered.
Returns
The filtered text, wrapped in a FilterProcessResult object, and possibly with associated assets, cacheability metadata and placeholders.

Implements FilterInterface.

References Xss\filter(), and FilterHtml\filterAttributes().

setConfiguration (array $configuration)

Sets the configuration for this plugin instance.

Parameters
array $configuration: An associative array containing the plugin's configuration.

Implements ConfigurablePluginInterface.

settingsForm (array $form, FormStateInterface $form_state)

Generates a filter's settings form.

Parameters
array $form: A minimally prepopulated form array.
\Drupal\Core\Form\FormStateInterface $form_state: The state of the (entire) configuration form.
Returns
array The $form array with additional form elements for the settings of this filter. The submitted form values should match $this->settings.

Implements FilterInterface.

References t().

tips ($long = FALSE)

Generates a filter's tip.

A filter's tips should be informative and to the point. Short tips are preferably one-liners.

Parameters
bool $long: Whether this callback should return a short tip to display in a form (FALSE), or whether more elaborate filter tips should be returned for template_preprocess_filter_tips() (TRUE).
Returns
string|null Translated text to display as a tip, or NULL if this filter has no tip.
Todo:
Split into getSummaryItem() and buildGuidelines().

Implements FilterInterface.

References Drupal\config(), Html\escape(), and t().
