protected function Renderer::xssFilterAdminIfUnsafe
protected Renderer::xssFilterAdminIfUnsafe($string)
Applies a very permissive XSS/HTML filter for admin-only use.
Note: This method only filters if $string is not marked safe already. This ensures that HTML intended for display is not filtered.
Parameters
string|\Drupal\Core\Render\Markup $string: A string.
Return value
\Drupal\Core\Render\Markup The escaped string wrapped in a Markup object. If the string is an instance of \Drupal\Component\Render\MarkupInterface, it won't be escaped again.
File
- core/lib/Drupal/Core/Render/Renderer.php, line 679
Class
- Renderer
- Turns a render array into a HTML string.
Namespace
Drupal\Core\RenderCode
protected function xssFilterAdminIfUnsafe($string) { if (!($string instanceof MarkupInterface)) { $string = Xss::filterAdmin($string); } return Markup::create($string); }
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/core!lib!Drupal!Core!Render!Renderer.php/function/Renderer::xssFilterAdminIfUnsafe/8.1.x