function field_filter_xss

Filters an HTML string to prevent cross-site-scripting (XSS) vulnerabilities.

Like filter_xss_admin(), but with a shorter list of allowed tags.

Used for items entered by administrators, such as field descriptions and allowed values, where some (mainly inline) mark-up may be desired, so drupal_htmlspecialchars(), which would escape all of it, is not acceptable.

Parameters

$string: The string with raw HTML in it.

Return value

An XSS safe version of $string, or an empty string if $string is not valid UTF-8.

8 calls to field_filter_xss()
FieldList::summary_name in drupal/core/modules/field/lib/Drupal/field/Plugin/views/argument/FieldList.php
Provides the name to use for the summary. By default this is just the name field.
FileWidget::formMultipleElements in drupal/core/modules/file/lib/Drupal/file/Plugin/field/widget/FileWidget.php
Overrides \Drupal\field\Plugin\Type\Widget\WidgetBase::formMultipleElements().
ListString::summary_name in drupal/core/modules/field/lib/Drupal/field/Plugin/views/argument/ListString.php
Provides the name to use for the summary. By default this is just the name field.
NumberWidget::formElement in drupal/core/modules/field/modules/number/lib/Drupal/number/Plugin/field/widget/NumberWidget.php
Implements Drupal\field\Plugin\Type\Widget\WidgetInterface::formElement().
options_field_formatter_view in drupal/core/modules/field/modules/options/options.module
Implements hook_field_formatter_view().

1 string reference to 'field_filter_xss'
DefaultNumberFormatter::viewElements in drupal/core/modules/field/modules/number/lib/Drupal/number/Plugin/field/formatter/DefaultNumberFormatter.php
Implements Drupal\field\Plugin\Type\Formatter\FormatterInterface::viewElements().

File

drupal/core/modules/field/field.module, line 817
Attach custom data fields to Drupal entities.

Code

function field_filter_xss($string) {
  return filter_xss($string, _field_filter_xss_allowed_tags());
}
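The difference between filtering and escaping that the description above relies on, as an added example that is not part of Drupal's own code. It assumes a bootstrapped Drupal environment in which field_filter_xss(), filter_xss() and drupal_htmlspecialchars() are loaded, and that <em> is among the tags returned by _field_filter_xss_allowed_tags() (the list itself is not shown on this page); the sample description string is constructed.

```php
<?php
// Added example, not Drupal core code. Assumes a bootstrapped Drupal where
// field_filter_xss() and drupal_htmlspecialchars() are available, and that
// <em> is in _field_filter_xss_allowed_tags() (assumption; list not shown).

/**
 * Runs both sanitizers over an administrator-entered field description.
 */
function field_filter_xss_demo() {
  // Constructed sample: wanted inline markup mixed with an injection attempt.
  $description = 'Enter your <em>full</em> name. <script>alert(1)</script>'
    . '<a href="#" onclick="steal()">help</a>';

  return array(
    // Keeps allowed inline tags, drops disallowed tags and event handlers.
    'filtered' => field_filter_xss($description),
    // Escapes everything, so the wanted <em> is shown literally instead.
    'escaped' => drupal_htmlspecialchars($description),
    // Invalid UTF-8 is rejected outright rather than partially filtered.
    'invalid_utf8' => field_filter_xss("Name \xC0"),
  );
}

$result = field_filter_xss_demo();
assert(strpos($result['filtered'], '<em>') !== FALSE);
assert(stripos($result['filtered'], '<script') === FALSE);
assert(stripos($result['filtered'], 'onclick') === FALSE);
assert(strpos($result['escaped'], '&lt;em&gt;') !== FALSE);
assert($result['invalid_utf8'] === '');
```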