function filter_xss_split

6.x misc.inc filter_xss_split($m, $store = FALSE)
7.x misc.inc filter_xss_split($m, $store = FALSE)
4.x misc.inc filter_xss_split($m, $store = FALSE)
5.x misc.inc filter_xss_split($m, $store = FALSE)

Like the filter_xss function, this is taken from D7's _filter_xss_split function

1 call to filter_xss_split()
filter_xss in includes/misc.inc
This function is taken almost directly from Drupal 7's core code. It is used to help us filter out dangerous HTML which the user might type. From the D7 documentation:
1 string reference to 'filter_xss_split'
filter_xss in includes/misc.inc
This function is taken almost directly from Drupal 7's core code. It is used to help us filter out dangerous HTML which the user might type. From the D7 documentation:

File

includes/misc.inc, line 1121
This file contains misc functions for FlightPath

Code

function filter_xss_split($m, $store = FALSE) {
  static $allowed_html;

  if ($store) {
    $allowed_html = array_flip($m);
    return;
  }

  $string = $m [1];

  if (substr($string, 0, 1) != '<') {
    // We matched a lone ">" character.
    return '&gt;';
  }
  elseif (strlen($string) == 1) {
    // We matched a lone "<" character.
    return '&lt;';
  }

  if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?|(<!--.*?-->)$%', $string, $matches)) {
    // Seriously malformed.
    return '';
  }

  $slash = trim($matches [1]);
  $elem = &$matches [2];
  $attrlist = &$matches [3];
  $comment = &$matches [4];

  if ($comment) {
    $elem = '!--';
  }

  if (!isset($allowed_html [strtolower($elem)])) {
    // Disallowed HTML element.
    return '';
  }

  if ($comment) {
    return $comment;
  }

  if ($slash != '') {
    return "</$elem>";
  }

  // Is there a closing XHTML slash at the end of the attributes?
  $attrlist = preg_replace('%(\s?)/\s*$%', '\1', $attrlist, -1, $count);
  $xhtml_slash = $count ? ' /' : '';

  // Clean up attributes.
  $attr2 = implode(' ', filter_xss_attributes($attrlist));
  $attr2 = preg_replace('/[<>]/', '', $attr2);
  $attr2 = strlen($attr2) ? ' ' . $attr2 : '';

  return "<$elem$attr2$xhtml_slash>";
}