Drupal 8  8.0.2

Static Public Member Functions

static filter ($string, array $html_tags=NULL)
static filterAdmin ($string)
static getAdminTagList ()
static getHtmlTagList ()

Static Protected Member Functions

static split ($string, $html_tags, $class)
static attributes ($attributes)
static needsRemoval ($html_tags, $elem)

Static Protected Attributes

static $adminTags = array('a', 'abbr', 'acronym', 'address', 'article', 'aside', 'b', 'bdi', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'command', 'dd', 'del', 'details', 'dfn', 'div', 'dl', 'dt', 'em', 'figcaption', 'figure', 'footer', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'header', 'hgroup', 'hr', 'i', 'img', 'ins', 'kbd', 'li', 'mark', 'menu', 'meter', 'nav', 'ol', 'output', 'p', 'pre', 'progress', 'q', 'rp', 'rt', 'ruby', 's', 'samp', 'section', 'small', 'span', 'strong', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'time', 'tr', 'tt', 'u', 'ul', 'var', 'wbr')
static $htmlTags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd')

Detailed Description

Provides helper to filter for cross-site scripting.

Member Function Documentation

static attributes ($attributes)
static protected

Processes a string of HTML attributes.

Parameters
string $attributes: The HTML attribute to process.
Returns
string Cleaned up version of the HTML attributes.

References UrlHelper\filterBadProtocol().

static getAdminTagList ( )
static

Gets the list of HTML tags allowed by Xss::filterAdmin().

Returns
array The list of HTML tags allowed by filterAdmin().

Referenced by Renderer\ensureMarkupIsSafe().

static getHtmlTagList ( )
static

Gets the standard list of HTML tags allowed by Xss::filter().

Returns
array The list of HTML tags allowed by Xss::filter().

Referenced by ViewsBlock\build(), Page\execute(), AggregatorController\feedTitle(), MenuController\menuTitle(), TaxonomyController\termTitle(), UserController\userTitle(), and TaxonomyController\vocabularyTitle().

static needsRemoval ($html_tags, $elem)
static protected

Whether this element needs to be removed altogether.

Parameters
$html_tags: The list of HTML tags.
$elem: The name of the HTML element.
Returns
bool TRUE if this element needs to be removed.

static split ($string, $html_tags, $class)
static protected

Processes an HTML tag.

Parameters
string $string: The HTML tag to process.
array $html_tags: An array where the keys are the allowed tags and the values are not used.
string $class: The called class. This method is called from an anonymous function which breaks late static binding. See https://bugs.php.net/bug.php?id=66622 for more information.
Returns
string If the element isn't allowed, an empty string. Otherwise, the cleaned up version of the HTML element.

The documentation for this class was generated from the following file: