public static FieldFilteredMarkup::create($string)
Overrides \Drupal\Component\Render\MarkupTrait::create().
Return value
string|\Drupal\Component\Render\MarkupInterface: A safe string filtered with the allowed tag list and normalized.
See also
\Drupal\Core\Field\FieldFilteredMarkup::allowedTags()
\Drupal\Component\Utility\Xss::filter()
\Drupal\Component\Utility\Html::normalize()
File
- core/lib/Drupal/Core/Field/FieldFilteredMarkup.php, line 35
Class
- FieldFilteredMarkup
- Defines an object that passes safe strings through the Field system.
Namespace
Drupal\Core\Field
Code
public static function create($string) {
  $string = (string) $string;
  if ($string === '') {
    return '';
  }
  $safe_string = new static();
  // All known XSS vectors are filtered out by
  // \Drupal\Component\Utility\Xss::filter(), all tags in the markup are
  // allowed intentionally by the trait, and no danger is added in by
  // \Drupal\Component\Utility\HTML::normalize(). Since the normalized value
  // is essentially the same markup, designate this string as safe as well.
  // This method is an internal part of field sanitization, so the resultant,
  // sanitized string should be printable as is.
  $safe_string->string = Html::normalize(Xss::filter($string, static::allowedTags()));
  return $safe_string;
}
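The following script is an added example, not part of Drupal core. It exercises the two return paths of `create()` shown above (a plain `''` for empty input, a `MarkupInterface` object otherwise) and checks that markup outside the allowed tag list does not survive. It assumes it is saved in and run from the docroot of a Drupal project so that `autoload.php` registers core's classes; the sample inputs and the `describe_result()` helper are constructed for illustration.

```php
<?php
// Added example, not Drupal core code.
// Assumption: this file sits in the Drupal docroot next to autoload.php.
require __DIR__ . '/autoload.php';

use Drupal\Component\Render\MarkupInterface;
use Drupal\Core\Field\FieldFilteredMarkup;

// Constructed sample inputs, e.g. values an administrator might type into a
// field label or help text.
$samples = [
  'empty'         => '',
  'script tag'    => 'Label<script>alert(1)</script>',
  'event handler' => '<strong onclick="alert(1)">Required</strong>',
  'unclosed tag'  => '<em>Help text',
];

/**
 * Summarises what create() returned for one input (hypothetical helper).
 */
function describe_result($result): array {
  $html = (string) $result;
  return [
    // create() returns a plain '' for empty input, so callers must not assume
    // they always receive a MarkupInterface object.
    'is_markup'  => $result instanceof MarkupInterface,
    'html'       => $html,
    // Neither the <script> tag nor on* attributes should pass Xss::filter().
    'has_script' => stripos($html, '<script') !== FALSE,
    'has_handler' => stripos($html, 'onclick') !== FALSE,
  ];
}

foreach ($samples as $name => $input) {
  $info = describe_result(FieldFilteredMarkup::create($input));
  printf(
    "%-14s markup_object=%s script=%s handler=%s html=%s\n",
    $name,
    var_export($info['is_markup'], TRUE),
    var_export($info['has_script'], TRUE),
    var_export($info['has_handler'], TRUE),
    var_export($info['html'], TRUE)
  );
}

// Casting the result to string and concatenating it produces an ordinary
// string; the "safe" designation belongs to the object, so keep passing the
// object itself to the render layer.
```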