Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
project
drupal
Commits
52a40a7d
Commit
52a40a7d
authored
Feb 28, 2014
by
Nathaniel Catchpole
Browse files
Issue
#2204151
by sun: Remove deprecated drupal_strip_dangerous_protocols().
parent
bd3fa059
Changes
1
Hide whitespace changes
Inline
Side-by-side
core/includes/common.inc
View file @
52a40a7d
...
...
@@ -635,32 +635,6 @@ function valid_url($url, $absolute = FALSE) {
* on writing secure code.
*/
/**
* Strips dangerous protocols (e.g. 'javascript:') from a URI.
*
* This function must be called for all URIs within user-entered input prior
* to being output to an HTML attribute value. It is often called as part of
* check_url() or filter_xss(), but those functions return an HTML-encoded
* string, so this function can be called independently when the output needs to
* be a plain-text string for passing to t(), l(),
* Drupal\Core\Template\Attribute, or another function that will call
* \Drupal\Component\Utility\String::checkPlain() separately.
*
* @param $uri
* A plain-text URI that might contain dangerous protocols.
*
* @return
* A plain-text URI stripped of dangerous protocols. As with all plain-text
* strings, this return value must not be output to an HTML page without
* \Drupal\Component\Utility\String::checkPlain() being called on it. However,
* it can be passed to functions expecting plain-text strings.
*
* @see \Drupal\Component\Utility\Url::stripDangerousProtocols()
*/
function
drupal_strip_dangerous_protocols
(
$uri
)
{
return
Url
::
stripDangerousProtocols
(
$uri
);
}
/**
* Strips dangerous protocols from a URI and encodes it for output to HTML.
*
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment