public WriteSafeSessionHandler::__construct(\SessionHandlerInterface $wrapped_session_handler, $session_writable = TRUE) Constructs a new write safe session handler. Parameters \SessionHandlerInterface $wrapped_session_handler: The underlying session handler. bool $session_writable: Whether or not the session should be initially writable. File core/lib/Drupal/Core/Session/WriteSafeSessionHandler.php, line 30 Class WriteSafeSessionHandler Wraps another SessionHandlerInterface to prevent wr

Provides an interface for session handlers where writing can be disabled. Hierarchy interface \Drupal\Core\Session\WriteSafeSessionHandlerInterface File core/lib/Drupal/Core/Session/WriteSafeSessionHandlerInterface.php, line 8 Namespace Drupal\Core\Session Members Name Modifiers Type Description WriteSafeSessionHandlerInterface::isSessionWritable public function Returns whether or not a session may be written to storage. WriteSafeSessionHandlerInterface::setSessionWrit

public WriteSafeSessionHandlerInterface::isSessionWritable() Returns whether or not a session may be written to storage. Return value bool TRUE if the session the session is allowed to be written, FALSE otherwise. File core/lib/Drupal/Core/Session/WriteSafeSessionHandlerInterface.php, line 29 Class WriteSafeSessionHandlerInterface Provides an interface for session handlers where writing can be disabled. Namespace Drupal\Core\Session Code public function isSessionWritable();

public WriteSafeSessionHandlerInterface::setSessionWritable($flag) Sets whether or not a session may be written to storage. It is not possible to enforce writing of the session data. This method is only capable of forcibly disabling that session data is written to storage. Parameters bool $flag: TRUE if the session the session is allowed to be written, FALSE otherwise. File core/lib/Drupal/Core/Session/WriteSafeSessionHandlerInterface.php, line 20 Class WriteSafeSessionHandlerInterface Pr

Provides helper to filter for cross-site scripting. Hierarchy class \Drupal\Component\Utility\Xss Related topics Utility classes and functions Overview of utility classes and functions for developers. File core/lib/Drupal/Component/Utility/Xss.php, line 10 Namespace Drupal\Component\Utility Members Name Modifiers Type Description Xss::$adminTags protected static property The list of HTML tags allowed by filterAdmin(). Xss::$htmlTags protected static property Th

The list of HTML tags allowed by filterAdmin(). Type: array See also \Drupal\Component\Utility\Xss::filterAdmin() File core/lib/Drupal/Component/Utility/Xss.php, line 19 Class Xss Provides helper to filter for cross-site scripting. Namespace Drupal\Component\Utility Code protected static $adminTags = array('a', 'abbr', 'acronym', 'address', 'article', 'aside', 'b', 'bdi', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'command', 'dd', 'del', 'details',

The default list of HTML tags allowed by filter(). Type: array See also \Drupal\Component\Utility\Xss::filter() File core/lib/Drupal/Component/Utility/Xss.php, line 28 Class Xss Provides helper to filter for cross-site scripting. Namespace Drupal\Component\Utility Code protected static $htmlTags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd');

protected static Xss::attributes($attributes) Processes a string of HTML attributes. Parameters string $attributes: The html attribute to process. Return value string Cleaned up version of the HTML attributes. File core/lib/Drupal/Component/Utility/Xss.php, line 198 Class Xss Provides helper to filter for cross-site scripting. Namespace Drupal\Component\Utility Code protected static function attributes($attributes) { $attributes_array = array(); $mode = 0; $attribute_name = '';

public static Xss::filter($string, array $html_tags = NULL) Filters HTML to prevent cross-site-scripting (XSS) vulnerabilities. Based on kses by Ulf Harnhammar, see http://sourceforge.net/projects/kses. For examples of various XSS attacks, see: http://ha.ckers.org/xss.html. This code does four things: Removes characters and constructs that can trick browsers. Makes sure all HTML entities are well-formed. Makes sure all HTML tags and attributes are well-formed. Makes sure no HTML tags contain UR

public static Xss::filterAdmin($string) Applies a very permissive XSS/HTML filter for admin-only use. Use only for fields where it is impractical to use the whole filter system, but where some (mainly inline) mark-up is desired (so \Drupal\Component\Utility\Html::escape() is not acceptable). Allows all tags that can be used inside an HTML body, save for scripts and styles. Parameters string $string: The string to apply the filter to. Return value string The filtered string. See also \Drupal\