Commit 08beef03 authored by alexpott's avatar alexpott
Browse files

Issue #2556895 by mpdonadio: Fix comment in Xss::filter()

parent 6ad03576
......@@ -88,10 +88,7 @@ public static function filter($string, array $html_tags = NULL) {
$splitter = function ($matches) use ($html_tags, $class) {
return $class::split($matches[1], $html_tags, $class);
// Strip any tags that are not in the whitelist, then mark the text as safe
// for output. All other known XSS vectors have been filtered out by this
// point and any HTML tags remaining will have been deliberately allowed, so
// it is acceptable to call SafeMarkup::set() on the resultant string.
// Strip any tags that are not in the whitelist.
return preg_replace_callback('%
<(?=[^a-zA-Z!/]) # a lone <
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment