Filters HTML to prevent cross-site-scripting (XSS) vulnerabilities.
Based on kses by Ulf Harnhammar, see http://sourceforge.net/projects/kses. For examples of various XSS attacks, see: http://ha.ckers.org/xss.html.
This code does four things:
Parameters
$string: The string with raw HTML in it. It will be stripped of everything that can cause an XSS attack.
$allowed_tags: An array of allowed tags.
Return value
An XSS safe version of $string, or an empty string if $string is not valid UTF-8.
See also
\Drupal\Component\Utility\Xss::filter()
use Drupal\Component\Utility\Xss;

// Thin wrapper: the whitelist passed as $allowed_tags is a list of tag names
// only; the attribute and protocol checks are done inside Xss::filter().
function filter_xss($string, $allowed_tags = array(
  'a',
  'em',
  'strong',
  'cite',
  'blockquote',
  'code',
  'ul',
  'ol',
  'li',
  'dl',
  'dt',
  'dd',
)) {
  return Xss::filter($string, $allowed_tags);
}
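The following script is an added example, not code from the page or from Drupal core. It runs Xss::filter() with the same default tag list as the wrapper above against a set of constructed XSS payloads and reports whether any of the constructs an attacker relies on (script tags, on* event handlers, javascript: URLs, style attributes) survive. It assumes a Drupal code base whose Composer autoloader is at vendor/autoload.php (the path is an assumption; adjust it for your install); the helper example_looks_dangerous() and the payload strings are constructed for this example only.

```php
<?php
// Added example (not from the page or from Drupal core). Feeds constructed
// XSS payloads through Xss::filter() with the wrapper's default tag list and
// reports whether dangerous constructs survive. Assumes the Composer
// autoloader of a Drupal code base lives at vendor/autoload.php (assumption).

require_once __DIR__ . '/vendor/autoload.php';

use Drupal\Component\Utility\Xss;

// Same tag list as the filter_xss() wrapper's default argument.
const EXAMPLE_ALLOWED_TAGS = [
  'a', 'em', 'strong', 'cite', 'blockquote', 'code',
  'ul', 'ol', 'li', 'dl', 'dt', 'dd',
];

/**
 * Hypothetical helper for this example: returns TRUE if $html still contains
 * something an XSS payload depends on (a script tag, an event-handler
 * attribute, a javascript: URL or a style attribute). It only judges the
 * filter's output; it is not itself a sanitiser.
 */
function example_looks_dangerous(string $html): bool {
  return (bool) preg_match('/<script\b|\bon\w+\s*=|javascript\s*:|\bstyle\s*=/i', $html);
}

// Constructed payloads, one per XSS vector the filter is expected to handle.
$payloads = [
  'script tag'         => '<script>alert(1)</script>',
  'javascript: href'   => '<a href="javascript:alert(1)">click</a>',
  'event handler attr' => '<a href="http://example.com/" onmouseover="alert(1)">hover</a>',
  'img onerror'        => '<img src="x" onerror="alert(1)">',
  'style attribute'    => '<em style="background:url(javascript:alert(1))">hi</em>',
];

foreach ($payloads as $name => $raw) {
  $clean = Xss::filter($raw, EXAMPLE_ALLOWED_TAGS);
  printf("%-20s in:  %s\n", $name, $raw);
  printf("%-20s out: %s\n", '', $clean);
  printf("%-20s %s\n\n", '', example_looks_dangerous($clean) ? 'STILL DANGEROUS' : 'neutralised');
}

// Widening the whitelist keeps the tag but not its hostile attributes:
// Xss::filter() drops on* and style attributes whatever tags are allowed,
// so adding 'img' to the list must not re-enable the onerror vector.
$with_img = Xss::filter($payloads['img onerror'], array_merge(EXAMPLE_ALLOWED_TAGS, ['img']));
printf("%-20s out: %s\n", 'img allowed', $with_img);
printf("%-20s %s\n", '', example_looks_dangerous($with_img) ? 'STILL DANGEROUS' : 'neutralised');
```

Run it from the Drupal root with `php example.php`. The point of the last block is the one practitioners most often get wrong: $allowed_tags is a whitelist of tag names only, so extending it for markup you need (such as images) does not loosen the attribute and URL-protocol checks, whereas whitelisting an inherently executable tag such as `script` would bypass the filter entirely. Keep the list to the inert formatting tags the wrapper defaults to unless the content is trusted.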