FieldFilteredMarkup::create

public static FieldFilteredMarkup::create($string)

Overrides \Drupal\Component\Render\MarkupTrait::create().

Return value

string|\Drupal\Component\Render\MarkupInterface A safe string filtered with the allowed tag list and normalized.

Overrides MarkupTrait::create

See also

\Drupal\Core\Field\FieldFilteredMarkup::allowedTags()

\Drupal\Component\Utility\Xss::filter()

\Drupal\Component\Utility\Html::normalize()

File

core/lib/Drupal/Core/Field/FieldFilteredMarkup.php, line 35

Class

FieldFilteredMarkup
Defines an object that passes safe strings through the Field system.

Namespace

Drupal\Core\Field

Code

public static function create($string) {
  $string = (string) $string;
  if ($string === '') {
    return '';
  }
  $safe_string = new static();
  // All known XSS vectors are filtered out by
  // \Drupal\Component\Utility\Xss::filter(), all tags in the markup are
  // allowed intentionally by the trait, and no danger is added in by
  // \Drupal\Component\Utility\HTML::normalize(). Since the normalized value
  // is essentially the same markup, designate this string as safe as well.
  // This method is an internal part of field sanitization, so the resultant,
  // sanitized string should be printable as is.
  $safe_string->string = Html::normalize(Xss::filter($string, static::allowedTags()));
  return $safe_string;
}
doc_Drupal
2016-10-29 09:11:29
Comments
Leave a Comment

Please login to continue.