当前位置: 首页>>代码示例>>PHP>>正文


PHP Xss::filter方法代码示例

本文整理汇总了PHP中Drupal\Component\Utility\Xss::filter方法的典型用法代码示例。如果您正苦于以下问题:PHP Xss::filter方法的具体用法?PHP Xss::filter怎么用?PHP Xss::filter使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在Drupal\Component\Utility\Xss的用法示例。


在下文中一共展示了Xss::filter方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: getTextContent

 /**
  * Retrieves the plain-text content from the current raw content.
  */
 protected function getTextContent()
 {
     if (!isset($this->plainTextContent)) {
         $this->plainTextContent = Xss::filter($this->getRawContent(), array());
     }
     return $this->plainTextContent;
 }
开发者ID:nsp15,项目名称:Drupal8,代码行数:10,代码来源:AssertContentTrait.php

示例2: isSimple

 /**
  * Determines if a string of text is considered "simple".
  *
  * @param string $string
  *   The string of text to check "simple" criteria on.
  * @param int|FALSE $length
  *   The length of characters used to determine whether or not $string is
  *   considered "simple". Set explicitly to FALSE to disable this criteria.
  * @param array|FALSE $allowed_tags
  *   An array of allowed tag elements. Set explicitly to FALSE to disable this
  *   criteria.
  * @param bool $html
  *   A variable, passed by reference, that indicates whether or not the
  *   string contains HTML.
  *
  * @return bool
  *   Returns TRUE if the $string is considered "simple", FALSE otherwise.
  */
 public static function isSimple($string, $length = 250, $allowed_tags = NULL, &$html = FALSE)
 {
     // Typecast to a string (if an object).
     $string_clone = (string) $string;
     // Use the advanced drupal_static() pattern.
     static $drupal_static_fast;
     if (!isset($drupal_static_fast)) {
         $drupal_static_fast['strings'] =& drupal_static(__METHOD__);
     }
     $strings =& $drupal_static_fast['strings'];
     if (!isset($strings[$string_clone])) {
         $plain_string = strip_tags($string_clone);
         $simple = TRUE;
         if ($allowed_tags !== FALSE) {
             $filtered_string = Xss::filter($string_clone, $allowed_tags);
             $html = $filtered_string !== $plain_string;
             $simple = $simple && $string_clone === $filtered_string;
         }
         if ($length !== FALSE) {
             $simple = $simple && strlen($plain_string) <= intval($length);
         }
         $strings[$string_clone] = $simple;
     }
     return $strings[$string_clone];
 }
开发者ID:Suite5,项目名称:feelmybook,代码行数:43,代码来源:Unicode.php

示例3: process

 /**
  * {@inheritdoc}
  */
 public function process($text, $langcode)
 {
     $allowed_tags = array_filter($this->settings['restrictions']['allowed'], function ($value) {
         return is_array($value) || (bool) $value !== FALSE;
     });
     return new FilterProcessResult(Xss::filter($text, array_keys($allowed_tags)));
 }
开发者ID:ddrozdik,项目名称:dmaps,代码行数:10,代码来源:FilterTestRestrictTagsAndAttributes.php

示例4: getTextContent

 /**
  * Retrieves the plain-text content from the current raw content.
  */
 protected function getTextContent() {
   if (!isset($this->plainTextContent)) {
     $raw_content = $this->getRawContent();
     // Strip everything between the HEAD tags.
     $raw_content = preg_replace('@<head>(.+?)</head>@si', '', $raw_content);
     $this->plainTextContent = Xss::filter($raw_content, array());
   }
   return $this->plainTextContent;
 }
开发者ID:jthoresen,项目名称:PladsenDrupal,代码行数:12,代码来源:AssertContentTrait.php

示例5: testExecutionOrder

 /**
  * Tests execution order of hook_form_alter() and hook_form_FORM_ID_alter().
  */
 function testExecutionOrder()
 {
     $this->drupalGet('form-test/alter');
     // Ensure that the order is first by module, then for a given module, the
     // id-specific one after the generic one.
     $expected = array('block_form_form_test_alter_form_alter() executed.', 'form_test_form_alter() executed.', 'form_test_form_form_test_alter_form_alter() executed.', 'system_form_form_test_alter_form_alter() executed.');
     $content = preg_replace('/\\s+/', ' ', Xss::filter($this->content, array()));
     $this->assert(strpos($content, implode(' ', $expected)) !== FALSE, 'Form alter hooks executed in the expected order.');
 }
开发者ID:sarahwillem,项目名称:OD8,代码行数:12,代码来源:AlterTest.php

示例6: getOptions

 /**
  * Returns the array of recipient handler labels.
  * @todo documentation
  */
 public function getOptions()
 {
     $handlers = $this->getDefinitions();
     $allowed_values = array();
     foreach ($handlers as $handler => $settings) {
         $allowed_values[$handler] = Xss::filter($settings['title']);
     }
     return $allowed_values;
 }
开发者ID:aritnath1990,项目名称:simplenewslatest,代码行数:13,代码来源:RecipientHandlerManager.php

示例7: testCustomFieldXss

 /**
  * Ensure that custom field content is XSS filtered.
  */
 public function testCustomFieldXss()
 {
     $view = Views::getView('test_view');
     $view->setDisplay();
     // Alter the text of the field to include XSS.
     $text = '<script>alert("kittens")</script>';
     $view->displayHandlers->get('default')->overrideOption('fields', array('name' => array('id' => 'name', 'table' => 'views_test_data', 'field' => 'name', 'relationship' => 'none', 'alter' => array('text' => $text))));
     $this->executeView($view);
     $this->assertEqual(Xss::filter($text), $view->style_plugin->getField(0, 'name'));
 }
开发者ID:briefmedia-digital,项目名称:drupal8,代码行数:13,代码来源:FieldCustomTest.php

示例8: at_core_submit_custom_css

function at_core_submit_custom_css($values, $generated_files_path)
{
    $custom_css = '';
    if (!empty($values['settings_custom_css'])) {
        // sanitize user entered data
        $custom_css = Xss::filter($values['settings_custom_css']);
    }
    $file_name = 'custom-css.css';
    $filepath = $generated_files_path . '/' . $file_name;
    file_unmanaged_save_data($custom_css, $filepath, FILE_EXISTS_REPLACE);
}
开发者ID:neetumorwani,项目名称:blogging,代码行数:11,代码来源:custom_css_submit.php

示例9: process

 /**
  * {@inheritdoc}
  */
 public function process($text, $langcode)
 {
     $restrictions = $this->getHtmlRestrictions();
     // Split the work into two parts. For filtering HTML tags out of the content
     // we rely on the well-tested Xss::filter() code. Since there is no '*' tag
     // that needs to be removed from the list.
     unset($restrictions['allowed']['*']);
     $text = Xss::filter($text, array_keys($restrictions['allowed']));
     // After we've done tag filtering, we do attribute and attribute value
     // filtering as the second part.
     return new FilterProcessResult($this->filterAttributes($text));
 }
开发者ID:HakS,项目名称:drupal8_training,代码行数:15,代码来源:FilterHtml.php

示例10: checkoutInfo

 /**
  * {@inheritdoc}
  */
 public function checkoutInfo(JobInterface $job)
 {
     $tuid = $job->getSetting('translator');
     if ($tuid && ($translator = User::load($tuid))) {
         $form['job_status'] = array('#type' => 'item', '#title' => t('Job status'), '#markup' => t('Translation job is assigned to %name.', array('%name' => $translator->getUsername())));
     } else {
         $form['job_status'] = array('#type' => 'item', '#title' => t('Job status'), '#markup' => t('Translation job is not assigned to any user.'));
     }
     if ($job->getSetting('job_comment')) {
         $form['job_comment'] = array('#type' => 'item', '#title' => t('Job comment'), '#markup' => Xss::filter($job->getSetting('job_comment')));
     }
     return $form;
 }
开发者ID:andrewl,项目名称:andrewlnet,代码行数:16,代码来源:LocalTranslatorUi.php

示例11: fieldFilterXss

 /**
  * Filters an HTML string to prevent XSS vulnerabilities.
  *
  * Like \Drupal\Component\Utility\Xss::filterAdmin(), but with a shorter list
  * of allowed tags.
  *
  * Used for items entered by administrators, like field descriptions, allowed
  * values, where some (mainly inline) mark-up may be desired (so
  * \Drupal\Component\Utility\SafeMarkup::checkPlain() is not acceptable).
  *
  * @param string $string
  *   The string with raw HTML in it.
  *
  * @return \Drupal\Component\Utility\SafeMarkup
  *   An XSS safe version of $string, or an empty string if $string is not
  *   valid UTF-8.
  */
 public function fieldFilterXss($string)
 {
     // All known XSS vectors are filtered out by
     // \Drupal\Component\Utility\Xss::filter(), all tags in the markup are
     // allowed intentionally by the trait, and no danger is added in by
     // \Drupal\Component\Utility\HTML::normalize(). Since the normalized value
     // is essentially the same markup, designate this string as safe as well.
     // This method is an internal part of field sanitization, so the resultant,
     // sanitized string should be printable as is.
     //
     // @todo Free this memory in https://www.drupal.org/node/2505963.
     return SafeMarkup::set(Html::normalize(Xss::filter($string, $this->allowedTags())));
 }
开发者ID:nsp15,项目名称:Drupal8,代码行数:30,代码来源:AllowedTagsXssTrait.php

示例12: zen

 /**
  * {@inheritdoc}
  */
 public function zen()
 {
     $principles = $this->principleManager->getAllPrinciples();
     $title = t('My mind is empty.');
     if (count($principles) > 0) {
         // Get a random item from the array of principles
         $k = array_rand($principles);
         $principle = $principles[$k];
         $title = Xss::filter($principle->title);
     }
     $build = array('#type' => 'markup', '#markup' => $title);
     return new Response(\Drupal::service('renderer')->renderRoot($build));
 }
开发者ID:joesb,项目名称:wunderhub,代码行数:16,代码来源:WkHubPrincipleController.php

示例13: create

 /**
  * Overrides \Drupal\Component\Utility\SafeStringTrait::create().
  *
  * @return string|\Drupal\Component\Utility\SafeStringInterface
  *   A safe string filtered with the allowed tag list and normalized.
  *
  * @see \Drupal\Core\Field\FieldFilteredString::allowedTags()
  * @see \Drupal\Component\Utility\Xss::filter()
  * @see \Drupal\Component\Utility\Html::normalize()
  */
 public static function create($string)
 {
     $string = (string) $string;
     if ($string === '') {
         return '';
     }
     $safe_string = new static();
     // All known XSS vectors are filtered out by
     // \Drupal\Component\Utility\Xss::filter(), all tags in the markup are
     // allowed intentionally by the trait, and no danger is added in by
     // \Drupal\Component\Utility\HTML::normalize(). Since the normalized value
     // is essentially the same markup, designate this string as safe as well.
     // This method is an internal part of field sanitization, so the resultant,
     // sanitized string should be printable as is.
     $safe_string->string = Html::normalize(Xss::filter($string, static::allowedTags()));
     return $safe_string;
 }
开发者ID:ravindrasingh22,项目名称:Drupal-8-rc,代码行数:27,代码来源:FieldFilteredString.php

示例14: process

 /**
  * {@inheritdoc}
  */
 public function process($text, $langcode)
 {
     $result = new FilterProcessResult($text);
     if (stristr($text, 'data-caption') !== FALSE) {
         $dom = Html::load($text);
         $xpath = new \DOMXPath($dom);
         foreach ($xpath->query('//*[@data-caption]') as $node) {
             // Read the data-caption attribute's value, then delete it.
             $caption = Html::escape($node->getAttribute('data-caption'));
             $node->removeAttribute('data-caption');
             // Sanitize caption: decode HTML encoding, limit allowed HTML tags; only
             // allow inline tags that are allowed by default, plus <br>.
             $caption = Html::decodeEntities($caption);
             $caption = FilteredMarkup::create(Xss::filter($caption, array('a', 'em', 'strong', 'cite', 'code', 'br')));
             // The caption must be non-empty.
             if (Unicode::strlen($caption) === 0) {
                 continue;
             }
             // Given the updated node and caption: re-render it with a caption, but
             // bubble up the value of the class attribute of the captioned element,
             // this allows it to collaborate with e.g. the filter_align filter.
             $tag = $node->tagName;
             $classes = $node->getAttribute('class');
             $node->removeAttribute('class');
             $node = $node->parentNode->tagName === 'a' ? $node->parentNode : $node;
             $filter_caption = array('#theme' => 'filter_caption', '#node' => FilteredMarkup::create($node->C14N()), '#tag' => $tag, '#caption' => $caption, '#classes' => $classes);
             $altered_html = drupal_render($filter_caption);
             // Load the altered HTML into a new DOMDocument and retrieve the element.
             $updated_nodes = Html::load($altered_html)->getElementsByTagName('body')->item(0)->childNodes;
             foreach ($updated_nodes as $updated_node) {
                 // Import the updated node from the new DOMDocument into the original
                 // one, importing also the child nodes of the updated node.
                 $updated_node = $dom->importNode($updated_node, TRUE);
                 $node->parentNode->insertBefore($updated_node, $node);
             }
             // Finally, remove the original data-caption node.
             $node->parentNode->removeChild($node);
         }
         $result->setProcessedText(Html::serialize($dom))->addAttachments(array('library' => array('filter/caption')));
     }
     return $result;
 }
开发者ID:aWEBoLabs,项目名称:taxi,代码行数:45,代码来源:FilterCaption.php

示例15: submitConfigurationForm

 /**
  * {@inheritdoc}
  */
 public function submitConfigurationForm(array &$form, FormStateInterface $form_state)
 {
     $this->configuration['wrappers'] = $form_state->getValue('region_wrapper');
     foreach (['outer_wrapper', 'attributes', 'link_attribute', 'link_custom'] as $name) {
         $this->configuration[$name] = $this->configuration['wrappers'][$name];
         unset($this->configuration['wrappers'][$name]);
     }
     // Apply Xss::filter to attributes.
     $this->configuration['attributes'] = Xss::filter($this->configuration['attributes']);
     // In case classes is missing entirely, use the defaults.
     $defaults = $this->defaultConfiguration();
     $this->configuration['classes'] = $form_state->getValue('ds_classes', $defaults['classes']);
     // Do not save empty classes.
     foreach ($this->configuration['classes'] as $region_name => &$classes) {
         foreach ($classes as $class) {
             if (empty($class)) {
                 unset($classes[$class]);
             }
         }
     }
 }
开发者ID:darrylri,项目名称:protovbmwmo,代码行数:24,代码来源:DsLayout.php


注:本文中的Drupal\Component\Utility\Xss::filter方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。