Commit 48d0043b authored by xjm's avatar xjm

Issue #2501441 by mlncn, joelpittet, cilefen: Document SafeMarkup::set in...

Issue #2501441 by mlncn, joelpittet, cilefen: Document SafeMarkup::set in AllowedTagsXssTrait::fieldFilterXss
parent 7ef3c8c7
...@@ -33,6 +33,15 @@ trait AllowedTagsXssTrait { ...@@ -33,6 +33,15 @@ trait AllowedTagsXssTrait {
* valid UTF-8. * valid UTF-8.
*/ */
public function fieldFilterXss($string) { public function fieldFilterXss($string) {
// All known XSS vectors are filtered out by
// \Drupal\Component\Utility\Xss::filter(), all tags in the markup are
// allowed intentionally by the trait, and no danger is added in by
// \Drupal\Component\Utility\HTML::normalize(). Since the normalized value
// is essentially the same markup, designate this string as safe as well.
// This method is an internal part of field sanitization, so the resultant,
// sanitized string should be printable as is.
// @todo Free this memory in
return SafeMarkup::set(Html::normalize(Xss::filter($string, $this->allowedTags()))); return SafeMarkup::set(Html::normalize(Xss::filter($string, $this->allowedTags())));
} }
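Review bot: The added comment in fieldFilterXss() justifies `SafeMarkup::set()` more broadly than the visible code supports. The result is only as safe as the list returned by `$this->allowedTags()`, which a class using the trait can presumably override, and tag filtering addresses output as HTML element content, not placement inside an attribute value. I would narrow the wording, for example `// Safe only as HTML element content, and only for the tags returned by allowedTags().` The comment also names `\Drupal\Component\Utility\HTML::normalize()` while the code calls `Html::normalize()`; the class name should be spelled as in the code. As rendered here, the `@todo Free this memory in` line ends without an issue reference, which is worth checking against the original file.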