本文整理汇总了PHP中Drupal\Component\Utility\Xss::filter方法的典型用法代码示例。如果您正苦于以下问题:PHP Xss::filter方法的具体用法?PHP Xss::filter怎么用?PHP Xss::filter使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Drupal\Component\Utility\Xss
的用法示例。
在下文中一共展示了Xss::filter方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: getTextContent
/**
 * Returns the plain-text version of the raw content, computed once and cached.
 *
 * @return string
 *   The raw content with every HTML tag removed.
 */
protected function getTextContent()
{
  if (isset($this->plainTextContent)) {
    return $this->plainTextContent;
  }
  // An empty allowed-tag list makes Xss::filter() strip every tag, which is
  // what turns the raw markup into plain text.
  $this->plainTextContent = Xss::filter($this->getRawContent(), []);
  return $this->plainTextContent;
}
示例2: isSimple
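/**
 * Determines if a string of text is considered "simple".
 *
 * Results are memoised per request via drupal_static(). The cache key covers
 * the string *and* both criteria, so calling this with a different $length or
 * $allowed_tags for the same string no longer returns a stale verdict; the
 * by-reference $html flag is cached too, so it is reported on cache hits as
 * well as on the first call.
 *
 * @param string $string
 *   The string of text to check "simple" criteria on.
 * @param int|FALSE $length
 *   The length used to determine whether or not $string is considered
 *   "simple". Set explicitly to FALSE to disable this criteria. Note that the
 *   comparison uses strlen(), i.e. bytes, so multibyte text is measured in
 *   bytes rather than characters.
 * @param array|FALSE $allowed_tags
 *   An array of allowed tag elements. Set explicitly to FALSE to disable this
 *   criteria.
 * @param bool $html
 *   A variable, passed by reference, that indicates whether or not the
 *   string contains HTML. Only written when $allowed_tags is not FALSE.
 *
 * @return bool
 *   Returns TRUE if the $string is considered "simple", FALSE otherwise.
 */
public static function isSimple($string, $length = 250, $allowed_tags = NULL, &$html = FALSE)
{
  // Typecast to a string (if an object).
  $string_clone = (string) $string;
  // Use the advanced drupal_static() pattern.
  static $drupal_static_fast;
  if (!isset($drupal_static_fast)) {
    $drupal_static_fast['strings'] =& drupal_static(__METHOD__);
  }
  $strings =& $drupal_static_fast['strings'];
  // The verdict depends on the criteria as much as on the string, so key the
  // cache on all three rather than on the string alone.
  $cache_key = serialize(array($string_clone, $length, $allowed_tags));
  if (!isset($strings[$cache_key])) {
    $plain_string = strip_tags($string_clone);
    $simple = TRUE;
    $contains_html = FALSE;
    if ($allowed_tags !== FALSE) {
      $filtered_string = Xss::filter($string_clone, $allowed_tags);
      // Anything the filter left in that strip_tags() removed is markup.
      $contains_html = $filtered_string !== $plain_string;
      // A string is only simple if the filter did not have to change it.
      $simple = $string_clone === $filtered_string;
    }
    if ($length !== FALSE) {
      $simple = $simple && strlen($plain_string) <= intval($length);
    }
    $strings[$cache_key] = array('simple' => $simple, 'html' => $contains_html);
  }
  if ($allowed_tags !== FALSE) {
    $html = $strings[$cache_key]['html'];
  }
  return $strings[$cache_key]['simple'];
}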
示例3: process
/**
 * {@inheritdoc}
 *
 * Runs the text through Xss::filter() using only the tags that are enabled in
 * this filter's 'restrictions' settings.
 */
public function process($text, $langcode)
{
  $configured = $this->settings['restrictions']['allowed'];
  // A tag stays allowed when its setting is an array (attribute restrictions)
  // or any truthy value; FALSE/0/'' disable it.
  $enabled = array_filter($configured, static function ($setting) {
    return is_array($setting) || (bool) $setting;
  });
  $allowed_tags = array_keys($enabled);
  return new FilterProcessResult(Xss::filter($text, $allowed_tags));
}
示例4: getTextContent
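/**
 * Retrieves the plain-text content from the current raw content.
 *
 * The <head> section is removed first so that <title>, inline <script> and
 * <style> text does not leak into the plain-text view; the remaining markup is
 * then stripped of every tag.
 *
 * @return string
 *   The plain-text content, computed once and cached on the object.
 */
protected function getTextContent() {
  if (!isset($this->plainTextContent)) {
    $raw_content = $this->getRawContent();
    // Strip everything between the HEAD tags. The pattern accepts a <head>
    // that carries attributes and a head section that is empty; \b keeps it
    // from matching <header>.
    $stripped = preg_replace('@<head\b[^>]*>.*?</head>@si', '', $raw_content);
    // preg_replace() returns NULL on a PCRE error (e.g. backtrack limit); keep
    // the unstripped content in that case rather than caching NULL.
    if ($stripped !== NULL) {
      $raw_content = $stripped;
    }
    $this->plainTextContent = Xss::filter($raw_content, array());
  }
  return $this->plainTextContent;
}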
示例5: testExecutionOrder
/**
 * Tests execution order of hook_form_alter() and hook_form_FORM_ID_alter().
 *
 * Fetches the test form and asserts that the marker messages emitted by the
 * alter hooks appear in the page text in the expected sequence.
 */
function testExecutionOrder()
{
  $this->drupalGet('form-test/alter');
  // Expected order: first by module; within a module, the generic hook before
  // the id-specific one.
  $hook_messages = array(
    'block_form_form_test_alter_form_alter() executed.',
    'form_test_form_alter() executed.',
    'form_test_form_form_test_alter_form_alter() executed.',
    'system_form_form_test_alter_form_alter() executed.',
  );
  $needle = implode(' ', $hook_messages);
  // Remove all tags, then collapse runs of whitespace so the messages can be
  // matched as a single line regardless of how the page is laid out.
  $page_text = Xss::filter($this->content, array());
  $page_text = preg_replace('/\\s+/', ' ', $page_text);
  $in_order = strpos($page_text, $needle) !== FALSE;
  $this->assert($in_order, 'Form alter hooks executed in the expected order.');
}
示例6: getOptions
/**
 * Returns the array of recipient handler labels, keyed by handler ID.
 *
 * @return array
 *   Handler plugin IDs mapped to the XSS-filtered 'title' of each definition.
 */
public function getOptions()
{
  $labels = array();
  foreach ($this->getDefinitions() as $handler_id => $definition) {
    // Definition titles are filtered before they are used as option labels.
    $labels[$handler_id] = Xss::filter($definition['title']);
  }
  return $labels;
}
示例7: testCustomFieldXss
/**
 * Ensure that custom field content is XSS filtered.
 *
 * Overrides the 'name' field's alter text with a script tag and checks that
 * the rendered field equals the Xss::filter()-ed version of that text.
 */
public function testCustomFieldXss()
{
  $view = Views::getView('test_view');
  $view->setDisplay();
  // Alter the text of the field to include XSS.
  $payload = '<script>alert("kittens")</script>';
  $name_field = array(
    'id' => 'name',
    'table' => 'views_test_data',
    'field' => 'name',
    'relationship' => 'none',
    'alter' => array('text' => $payload),
  );
  $display = $view->displayHandlers->get('default');
  $display->overrideOption('fields', array('name' => $name_field));
  $this->executeView($view);
  $rendered = $view->style_plugin->getField(0, 'name');
  $this->assertEqual(Xss::filter($payload), $rendered);
}
示例8: at_core_submit_custom_css
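/**
 * Writes the theme's custom CSS setting to a generated custom-css.css file.
 *
 * @param array $values
 *   Submitted theme settings; only 'settings_custom_css' is read.
 * @param string $generated_files_path
 *   Directory the CSS file is written into.
 *
 * @return string|false
 *   The path of the saved file, or FALSE if file_unmanaged_save_data() failed.
 */
function at_core_submit_custom_css($values, $generated_files_path)
{
  $custom_css = '';
  if (!empty($values['settings_custom_css'])) {
    // sanitize user entered data
    // NOTE(review): Xss::filter() is a tag-level HTML filter; it removes
    // markup from the CSS text but does not validate the CSS itself, so the
    // generated file must only ever be served as a stylesheet — confirm.
    $custom_css = Xss::filter($values['settings_custom_css']);
  }
  // The file name is fixed here, so the destination is not user-controlled.
  $file_name = 'custom-css.css';
  $filepath = $generated_files_path . '/' . $file_name;
  // file_unmanaged_save_data() returns FALSE on failure; hand that back to the
  // caller instead of silently dropping the CSS.
  return file_unmanaged_save_data($custom_css, $filepath, FILE_EXISTS_REPLACE);
}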
示例9: process
/**
 * {@inheritdoc}
 *
 * Two-pass filtering: Xss::filter() handles tag filtering, then
 * filterAttributes() handles attribute and attribute-value filtering.
 */
public function process($text, $langcode)
{
  $restrictions = $this->getHtmlRestrictions();
  $allowed = $restrictions['allowed'];
  // '*' is the wildcard entry for attribute restrictions, not a real tag, so
  // it must not be handed to Xss::filter() as an allowed tag.
  unset($allowed['*']);
  // Pass one: tag filtering, delegated to the well-tested Xss::filter().
  $tag_filtered = Xss::filter($text, array_keys($allowed));
  // Pass two: attribute and attribute-value filtering.
  return new FilterProcessResult($this->filterAttributes($tag_filtered));
}
示例10: checkoutInfo
/**
 * {@inheritdoc}
 *
 * Builds the checkout info items: the assignment status of the job and, when
 * present, the XSS-filtered job comment.
 */
public function checkoutInfo(JobInterface $job)
{
  $form = array();
  $translator_id = $job->getSetting('translator');
  // Only attempt to load a user when an ID is actually set.
  $translator = $translator_id ? User::load($translator_id) : NULL;
  if ($translator) {
    $status = t('Translation job is assigned to %name.', array('%name' => $translator->getUsername()));
  } else {
    $status = t('Translation job is not assigned to any user.');
  }
  $form['job_status'] = array('#type' => 'item', '#title' => t('Job status'), '#markup' => $status);
  $comment = $job->getSetting('job_comment');
  if ($comment) {
    // The comment is free text entered by a user; filter it before rendering.
    $form['job_comment'] = array('#type' => 'item', '#title' => t('Job comment'), '#markup' => Xss::filter($comment));
  }
  return $form;
}
示例11: fieldFilterXss
/**
 * Filters an HTML string to prevent XSS vulnerabilities.
 *
 * Like \Drupal\Component\Utility\Xss::filterAdmin(), but with a shorter list
 * of allowed tags.
 *
 * Used for items entered by administrators, like field descriptions, allowed
 * values, where some (mainly inline) mark-up may be desired (so
 * \Drupal\Component\Utility\SafeMarkup::checkPlain() is not acceptable).
 *
 * @param string $string
 *   The string with raw HTML in it.
 *
 * @return \Drupal\Component\Utility\SafeMarkup
 *   An XSS safe version of $string, or an empty string if $string is not
 *   valid UTF-8.
 */
public function fieldFilterXss($string)
{
  // Step 1: remove every known XSS vector, keeping only the trait's tag list.
  $filtered = Xss::filter($string, $this->allowedTags());
  // Step 2: normalize the surviving markup. This does not introduce anything
  // the filter did not already allow, so the result is the same markup in a
  // canonical form.
  $normalized = Html::normalize($filtered);
  // This method is an internal part of field sanitization, so the resulting
  // string is marked safe and printable as is.
  //
  // @todo Free this memory in https://www.drupal.org/node/2505963.
  return SafeMarkup::set($normalized);
}
示例12: zen
/**
 * {@inheritdoc}
 *
 * Renders the title of a randomly chosen principle, or a fallback message when
 * no principles exist.
 */
public function zen()
{
  $principles = $this->principleManager->getAllPrinciples();
  $title = t('My mind is empty.');
  if (count($principles) !== 0) {
    // Pick one principle at random; its title is filtered before rendering.
    $random_key = array_rand($principles);
    $chosen = $principles[$random_key];
    $title = Xss::filter($chosen->title);
  }
  $build = array(
    '#type' => 'markup',
    '#markup' => $title,
  );
  $renderer = \Drupal::service('renderer');
  return new Response($renderer->renderRoot($build));
}
示例13: create
/**
 * Overrides \Drupal\Component\Utility\SafeStringTrait::create().
 *
 * @return string|\Drupal\Component\Utility\SafeStringInterface
 *   A safe string filtered with the allowed tag list and normalized; the empty
 *   string is returned as a plain '' rather than wrapped.
 *
 * @see \Drupal\Core\Field\FieldFilteredString::allowedTags()
 * @see \Drupal\Component\Utility\Xss::filter()
 * @see \Drupal\Component\Utility\Html::normalize()
 */
public static function create($string)
{
  $input = (string) $string;
  if ($input === '') {
    return '';
  }
  // Remove all known XSS vectors, allowing only the trait's tag list, then
  // normalize. Normalization adds nothing the filter did not allow, so the
  // result is the same markup in canonical form and can be marked safe.
  $filtered = Xss::filter($input, static::allowedTags());
  $normalized = Html::normalize($filtered);
  // This is an internal part of field sanitization, so the sanitized string is
  // printable as is.
  $instance = new static();
  $instance->string = $normalized;
  return $instance;
}
示例14: process
/**
 * {@inheritdoc}
 *
 * Replaces every element carrying a data-caption attribute with the
 * 'filter_caption' theme output for that element, and attaches the
 * 'filter/caption' library when at least one caption was processed.
 */
public function process($text, $langcode)
{
// Default result: the text unchanged and no attachments.
$result = new FilterProcessResult($text);
// Cheap pre-check so text without any caption never pays for DOM parsing.
if (stristr($text, 'data-caption') !== FALSE) {
$dom = Html::load($text);
$xpath = new \DOMXPath($dom);
foreach ($xpath->query('//*[@data-caption]') as $node) {
// Read the data-caption attribute's value, then delete it.
$caption = Html::escape($node->getAttribute('data-caption'));
$node->removeAttribute('data-caption');
// Sanitize caption: decode HTML encoding, limit allowed HTML tags; only
// allow inline tags that are allowed by default, plus <br>.
$caption = Html::decodeEntities($caption);
$caption = FilteredMarkup::create(Xss::filter($caption, array('a', 'em', 'strong', 'cite', 'code', 'br')));
// The caption must be non-empty. An element whose caption filtered down to
// nothing is left in place (minus its data-caption attribute).
if (Unicode::strlen($caption) === 0) {
continue;
}
// Given the updated node and caption: re-render it with a caption, but
// bubble up the value of the class attribute of the captioned element,
// this allows it to collaborate with e.g. the filter_align filter.
$tag = $node->tagName;
$classes = $node->getAttribute('class');
$node->removeAttribute('class');
// If the captioned element is wrapped in a link, caption the link instead
// so the link is not split apart by the caption markup.
$node = $node->parentNode->tagName === 'a' ? $node->parentNode : $node;
$filter_caption = array('#theme' => 'filter_caption', '#node' => FilteredMarkup::create($node->C14N()), '#tag' => $tag, '#caption' => $caption, '#classes' => $classes);
$altered_html = drupal_render($filter_caption);
// Load the altered HTML into a new DOMDocument and retrieve the element.
$updated_nodes = Html::load($altered_html)->getElementsByTagName('body')->item(0)->childNodes;
foreach ($updated_nodes as $updated_node) {
// Import the updated node from the new DOMDocument into the original
// one, importing also the child nodes of the updated node.
$updated_node = $dom->importNode($updated_node, TRUE);
$node->parentNode->insertBefore($updated_node, $node);
}
// Finally, remove the original data-caption node.
$node->parentNode->removeChild($node);
}
// The rendered caption markup relies on the 'filter/caption' library.
$result->setProcessedText(Html::serialize($dom))->addAttachments(array('library' => array('filter/caption')));
}
return $result;
}
示例15: submitConfigurationForm
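/**
 * {@inheritdoc}
 *
 * Moves the submitted region wrapper settings into configuration, filters the
 * free-text attributes, and stores the per-region class lists with empty
 * entries removed.
 */
public function submitConfigurationForm(array &$form, FormStateInterface $form_state)
{
  $this->configuration['wrappers'] = $form_state->getValue('region_wrapper');
  // These four settings live at the top level of the configuration, not
  // under 'wrappers'.
  foreach (['outer_wrapper', 'attributes', 'link_attribute', 'link_custom'] as $name) {
    $this->configuration[$name] = $this->configuration['wrappers'][$name];
    unset($this->configuration['wrappers'][$name]);
  }
  // Apply Xss::filter to attributes.
  // NOTE(review): Xss::filter() works at the tag level; on a bare attribute
  // string it does not validate attribute names or values, so confirm that
  // the render path escapes 'attributes' again before it lands in markup.
  $this->configuration['attributes'] = Xss::filter($this->configuration['attributes']);
  // In case classes is missing entirely, use the defaults.
  $defaults = $this->defaultConfiguration();
  $this->configuration['classes'] = $form_state->getValue('ds_classes', $defaults['classes']);
  // Do not save empty classes. Drop entries by key: the previous
  // unset($classes[$class]) used the class *value* as the key, so empty
  // entries survived and an entry at key 0 could be removed by mistake.
  foreach ($this->configuration['classes'] as $region_name => $classes) {
    $this->configuration['classes'][$region_name] = array_filter((array) $classes, function ($class) {
      return !empty($class);
    });
  }
}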