protected static Xss::needsRemoval($html_tags, $elem) Whether this element needs to be removed altogether. Parameters $html_tags: The list of HTML tags. $elem: The name of the HTML element. Return value bool TRUE if this element needs to be removed. File core/lib/Drupal/Component/Utility/Xss.php, line 325 Class Xss Provides helper to filter for cross-site scripting. Namespace Drupal\Component\Utility Code protected static function needsRemoval($html_tags, $elem) { return !isset($ht

public static Xss::getHtmlTagList() Gets the standard list of HTML tags allowed by Xss::filter(). Return value array The list of HTML tags allowed by Xss::filter(). File core/lib/Drupal/Component/Utility/Xss.php, line 345 Class Xss Provides helper to filter for cross-site scripting. Namespace Drupal\Component\Utility Code public static function getHtmlTagList() { return static::$htmlTags; }

public static Xss::getAdminTagList() Gets the list of HTML tags allowed by Xss::filterAdmin(). Return value array The list of HTML tags allowed by filterAdmin(). File core/lib/Drupal/Component/Utility/Xss.php, line 335 Class Xss Provides helper to filter for cross-site scripting. Namespace Drupal\Component\Utility Code public static function getAdminTagList() { return static::$adminTags; }

public static Xss::filterAdmin($string) Applies a very permissive XSS/HTML filter for admin-only use. Use only for fields where it is impractical to use the whole filter system, but where some (mainly inline) mark-up is desired (so \Drupal\Component\Utility\Html::escape() is not acceptable). Allows all tags that can be used inside an HTML body, save for scripts and styles. Parameters string $string: The string to apply the filter to. Return value string The filtered string. See also \Drupal\

public static Xss::filter($string, array $html_tags = NULL) Filters HTML to prevent cross-site-scripting (XSS) vulnerabilities. Based on kses by Ulf Harnhammar, see http://sourceforge.net/projects/kses. For examples of various XSS attacks, see: http://ha.ckers.org/xss.html. This code does four things: Removes characters and constructs that can trick browsers. Makes sure all HTML entities are well-formed. Makes sure all HTML tags and attributes are well-formed. Makes sure no HTML tags contain UR

protected static Xss::attributes($attributes) Processes a string of HTML attributes. Parameters string $attributes: The html attribute to process. Return value string Cleaned up version of the HTML attributes. File core/lib/Drupal/Component/Utility/Xss.php, line 198 Class Xss Provides helper to filter for cross-site scripting. Namespace Drupal\Component\Utility Code protected static function attributes($attributes) { $attributes_array = array(); $mode = 0; $attribute_name = '';

The default list of HTML tags allowed by filter(). Type: array See also \Drupal\Component\Utility\Xss::filter() File core/lib/Drupal/Component/Utility/Xss.php, line 28 Class Xss Provides helper to filter for cross-site scripting. Namespace Drupal\Component\Utility Code protected static $htmlTags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd');

The list of HTML tags allowed by filterAdmin(). Type: array See also \Drupal\Component\Utility\Xss::filterAdmin() File core/lib/Drupal/Component/Utility/Xss.php, line 19 Class Xss Provides helper to filter for cross-site scripting. Namespace Drupal\Component\Utility Code protected static $adminTags = array('a', 'abbr', 'acronym', 'address', 'article', 'aside', 'b', 'bdi', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'command', 'dd', 'del', 'details',

Provides helper to filter for cross-site scripting. Hierarchy class \Drupal\Component\Utility\Xss Related topics Utility classes and functions Overview of utility classes and functions for developers. File core/lib/Drupal/Component/Utility/Xss.php, line 10 Namespace Drupal\Component\Utility Members Name Modifiers Type Description Xss::$adminTags protected static property The list of HTML tags allowed by filterAdmin(). Xss::$htmlTags protected static property Th

public WriteSafeSessionHandlerInterface::setSessionWritable($flag) Sets whether or not a session may be written to storage. It is not possible to enforce writing of the session data. This method is only capable of forcibly disabling that session data is written to storage. Parameters bool $flag: TRUE if the session the session is allowed to be written, FALSE otherwise. File core/lib/Drupal/Core/Session/WriteSafeSessionHandlerInterface.php, line 20 Class WriteSafeSessionHandlerInterface Pr