protected static Xss::needsRemoval($html_tags, $elem) Whether this element needs to be removed altogether. Parameters $html_tags: The list of HTML tags. $elem: The name of the HTML element. Return value bool TRUE if this element needs to be removed. File core/lib/Drupal/Component/Utility/Xss.php, line 325 Class Xss Provides helper to filter for cross-site scripting. Namespace Drupal\Component\Utility Code protected static function needsRemoval($html_tags, $elem) { return !isset($ht

public static Xss::filterAdmin($string) Applies a very permissive XSS/HTML filter for admin-only use. Use only for fields where it is impractical to use the whole filter system, but where some (mainly inline) mark-up is desired (so \Drupal\Component\Utility\Html::escape() is not acceptable). Allows all tags that can be used inside an HTML body, save for scripts and styles. Parameters string $string: The string to apply the filter to. Return value string The filtered string. See also \Drupal\

public static Xss::getAdminTagList() Gets the list of HTML tags allowed by Xss::filterAdmin(). Return value array The list of HTML tags allowed by filterAdmin(). File core/lib/Drupal/Component/Utility/Xss.php, line 335 Class Xss Provides helper to filter for cross-site scripting. Namespace Drupal\Component\Utility Code public static function getAdminTagList() { return static::$adminTags; }

public static Xss::getHtmlTagList() Gets the standard list of HTML tags allowed by Xss::filter(). Return value array The list of HTML tags allowed by Xss::filter(). File core/lib/Drupal/Component/Utility/Xss.php, line 345 Class Xss Provides helper to filter for cross-site scripting. Namespace Drupal\Component\Utility Code public static function getHtmlTagList() { return static::$htmlTags; }

The default list of HTML tags allowed by filter(). Type: array See also \Drupal\Component\Utility\Xss::filter() File core/lib/Drupal/Component/Utility/Xss.php, line 28 Class Xss Provides helper to filter for cross-site scripting. Namespace Drupal\Component\Utility Code protected static $htmlTags = array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd');

Provides helper to filter for cross-site scripting. Hierarchy class \Drupal\Component\Utility\Xss Related topics Utility classes and functions Overview of utility classes and functions for developers. File core/lib/Drupal/Component/Utility/Xss.php, line 10 Namespace Drupal\Component\Utility Members Name Modifiers Type Description Xss::$adminTags protected static property The list of HTML tags allowed by filterAdmin(). Xss::$htmlTags protected static property Th

public static Xss::filter($string, array $html_tags = NULL) Filters HTML to prevent cross-site-scripting (XSS) vulnerabilities. Based on kses by Ulf Harnhammar, see http://sourceforge.net/projects/kses. For examples of various XSS attacks, see: http://ha.ckers.org/xss.html. This code does four things: Removes characters and constructs that can trick browsers. Makes sure all HTML entities are well-formed. Makes sure all HTML tags and attributes are well-formed. Makes sure no HTML tags contain UR

protected static Xss::attributes($attributes) Processes a string of HTML attributes. Parameters string $attributes: The html attribute to process. Return value string Cleaned up version of the HTML attributes. File core/lib/Drupal/Component/Utility/Xss.php, line 198 Class Xss Provides helper to filter for cross-site scripting. Namespace Drupal\Component\Utility Code protected static function attributes($attributes) { $attributes_array = array(); $mode = 0; $attribute_name = '';

The list of HTML tags allowed by filterAdmin(). Type: array See also \Drupal\Component\Utility\Xss::filterAdmin() File core/lib/Drupal/Component/Utility/Xss.php, line 19 Class Xss Provides helper to filter for cross-site scripting. Namespace Drupal\Component\Utility Code protected static $adminTags = array('a', 'abbr', 'acronym', 'address', 'article', 'aside', 'b', 'bdi', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'command', 'dd', 'del', 'details',

public WriteSafeSessionHandlerInterface::isSessionWritable() Returns whether or not a session may be written to storage. Return value bool TRUE if the session the session is allowed to be written, FALSE otherwise. File core/lib/Drupal/Core/Session/WriteSafeSessionHandlerInterface.php, line 29 Class WriteSafeSessionHandlerInterface Provides an interface for session handlers where writing can be disabled. Namespace Drupal\Core\Session Code public function isSessionWritable();