Renderer::xssFilterAdminIfUnsafe

protected Renderer::xssFilterAdminIfUnsafe($string)

Applies a very permissive XSS/HTML filter for admin-only use.

Note: This method only filters if $string is not marked safe already. This ensures that HTML intended for display is not filtered.

Parameters

string|\Drupal\Core\Render\Markup $string: A string.

Return value

\Drupal\Core\Render\Markup The escaped string wrapped in a Markup object. If the string is an instance of \Drupal\Component\Render\MarkupInterface, it won't be escaped again.

File

core/lib/Drupal/Core/Render/Renderer.php, line 704

Class

Renderer: Turns a render array into a HTML string.

Namespace

Drupal\Core\Render

Code

protected function xssFilterAdminIfUnsafe($string) {
  if (!($string instanceof MarkupInterface)) {
    $string = Xss::filterAdmin($string);
  }
  return Markup::create($string);
}

Links:

https://api.drupal.org/api/drupal/core%21lib%21Drupal%21Core%21Render%21Renderer.php/function/Renderer%3A%3AxssFilterAdminIfUnsafe/8.2.x

doc_Drupal

2016-10-29 09:37:38

Comments