function filter_xss_split
Search API
| 6.x misc.inc | filter_xss_split($m, $store = FALSE) |
| 4.x misc.inc | filter_xss_split($m, $store = FALSE) |
| 5.x misc.inc | filter_xss_split($m, $store = FALSE) |
Like the filter_xss function, this is taken from D7's _filter_xss_split function
1 call to filter_xss_split()
- filter_xss in includes/
misc.inc - This function is taken almost directly from Drupal 7's core code. It is used to help us filter out dangerous HTML which the user might type. From the D7 documentation:
1 string reference to 'filter_xss_split'
- filter_xss in includes/
misc.inc - This function is taken almost directly from Drupal 7's core code. It is used to help us filter out dangerous HTML which the user might type. From the D7 documentation:
File
- includes/
misc.inc, line 550 - This file contains misc functions for FlightPath
Code
function filter_xss_split($m, $store = FALSE) {
static $allowed_html;
if ($store) {
$allowed_html = array_flip($m);
return;
}
$string = $m [1];
if (substr($string, 0, 1) != '<') {
// We matched a lone ">" character.
return '>';
}
elseif (strlen($string) == 1) {
// We matched a lone "<" character.
return '<';
}
if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) {
// Seriously malformed.
return '';
}
$slash = trim($matches [1]);
$elem = &$matches [2];
$attrlist = &$matches [3];
$comment = &$matches [4];
if ($comment) {
$elem = '!--';
}
if (!isset($allowed_html [strtolower($elem)])) {
// Disallowed HTML element.
return '';
}
if ($comment) {
return $comment;
}
if ($slash != '') {
return "</$elem>";
}
// Is there a closing XHTML slash at the end of the attributes?
$attrlist = preg_replace('%(\s?)/\s*$%', '\1', $attrlist, -1, $count);
$xhtml_slash = $count ? ' /' : '';
// Clean up attributes.
$attr2 = implode(' ', filter_xss_attributes($attrlist));
$attr2 = preg_replace('/[<>]/', '', $attr2);
$attr2 = strlen($attr2) ? ' ' . $attr2 : '';
return "<$elem$attr2$xhtml_slash>";
}