3 namespace Drupal\Core\Field;
6 * Useful methods when dealing with displaying allowed tags.
8 * @deprecated in Drupal 8.0.x, will be removed before Drupal 9.0.0. Use
9 * \Drupal\Core\Field\FieldFilteredMarkup instead.
11 * @see \Drupal\Core\Field\FieldFilteredMarkup
13 trait AllowedTagsXssTrait {
16 * Filters an HTML string to prevent XSS vulnerabilities.
18 * Like \Drupal\Component\Utility\Xss::filterAdmin(), but with a shorter list
21 * Used for items entered by administrators, like field descriptions, allowed
22 * values, where some (mainly inline) mark-up may be desired (so
23 * \Drupal\Component\Utility\Html::escape() is not acceptable).
25 * @param string $string
26 * The string with raw HTML in it.
28 * @return \Drupal\Core\Field\FieldFilteredMarkup
29 * An XSS safe version of $string, or an empty string if $string is not
32 public function fieldFilterXss($string) {
33 return FieldFilteredMarkup::create($string);
37 * Returns a list of tags allowed by AllowedTagsXssTrait::fieldFilterXss().
39 public function allowedTags() {
40 return FieldFilteredMarkup::allowedTags();
44 * Returns a human-readable list of allowed tags for display in help texts.
46 public function displayAllowedTags() {
47 return FieldFilteredMarkup::displayAllowedTags();