php Drupal-Component-Utility-Xss类(方法)实例源码

下面列出了 php Drupal-Component-Utility-Xss 类(方法)的源码实例，以便了解它的用法。

作者:nsp1    项目:Drupal   
/**
  * Returns the current raw content with every HTML tag removed.
  *
  * The result is computed once and memoised in $this->plainTextContent.
  * Passing an empty allowed-tag list to Xss::filter() means no tag is
  * permitted to survive, which is what turns the markup into plain text.
  *
  * @return string
  *   The tag-free content.
  */
 protected function getTextContent()
 {
     if (isset($this->plainTextContent)) {
         return $this->plainTextContent;
     }
     $raw = $this->getRawContent();
     // Empty tag whitelist: strip everything.
     $this->plainTextContent = Xss::filter($raw, array());
     return $this->plainTextContent;
 }

作者:nstiela    项目:drops-   
/**
  * Tests that logged messages and links render through the test_dblog view.
  *
  * Three entries are logged (no token, one token, two tokens — the last with
  * markup in its link text). The view's 'message' and 'link' fields are then
  * compared against SafeMarkup::format() and Xss::filterAdmin() respectively,
  * first with variable replacement enabled and then with it disabled.
  */
 public function testIntegration()
 {
     // Remove the watchdog entries added by the potential batch process.
     $this->container->get('database')->truncate('watchdog')->execute();
     $front_link = function ($text) {
         return \Drupal::l($text, new Url('<front>'));
     };
     $entries = array(
         // No tokens.
         array(
             'message' => $this->randomMachineName(),
             'variables' => array('link' => $front_link('Link')),
         ),
         // One token.
         array(
             'message' => '@token1',
             'variables' => array(
                 '@token1' => $this->randomMachineName(),
                 'link' => $front_link('Link'),
             ),
         ),
         // Two tokens, and a link whose text is pre-marked safe markup.
         array(
             'message' => '@token1 !token2',
             'variables' => array(
                 '@token1' => $this->randomMachineName(),
                 '!token2' => $this->randomMachineName(),
                 'link' => $front_link(SafeMarkup::set('<object>Link</object>')),
             ),
         ),
     );
     $logger_factory = $this->container->get('logger.factory');
     $defaults = array('type' => 'test-views', 'severity' => RfcLogLevel::NOTICE);
     foreach ($entries as $entry) {
         $entry += $defaults;
         $logger_factory->get($entry['type'])->log($entry['severity'], $entry['message'], $entry['variables']);
     }
     $view = Views::getView('test_dblog');
     $this->executeView($view);
     $view->initStyle();
     foreach ($entries as $index => $entry) {
         $expected_message = SafeMarkup::format($entry['message'], $entry['variables']);
         $this->assertEqual($view->style_plugin->getField($index, 'message'), $expected_message);
         $expected_link = Xss::filterAdmin($entry['variables']['link']);
         $this->assertEqual($view->style_plugin->getField($index, 'link'), $expected_link);
     }
     // Disable replacing variables and check that the tokens aren't replaced.
     $view->destroy();
     $view->storage->invalidateCaches();
     $view->initHandlers();
     $this->executeView($view);
     $view->initStyle();
     $view->field['message']->options['replace_variables'] = FALSE;
     foreach ($entries as $index => $entry) {
         $this->assertEqual($view->style_plugin->getField($index, 'message'), $entry['message']);
     }
 }

作者:isram    项目:camp-gd   
/**
  * Redirects on 403 Access Denied kernel exceptions.
  *
  * Anonymous users are sent to the configured login route (optionally after a
  * configured message is shown); authenticated users are redirected only when
  * a target path is configured. Any other exception is left untouched.
  *
  * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
  *   The Event to process.
  */
 public function onKernelException(GetResponseEvent $event)
 {
     $exception = $event->getException();
     if (!($exception instanceof AccessDeniedHttpException)) {
         return;
     }
     $config = $this->configFactory->get('r4032login.settings');
     // Carry the current redirect destination along as query options so the
     // user can be brought back after the redirect target is handled.
     $options = array(
         'query' => $this->redirectDestination->getAsArray(),
         'absolute' => TRUE,
     );
     $code = $config->get('default_redirect_code');
     if (!$this->currentUser->isAnonymous()) {
         // Authenticated users: redirect only when a target is configured.
         $redirect = $config->get('redirect_authenticated_users_to');
         if ($redirect) {
             $url = Url::fromUserInput($redirect, $options)->toString();
             $event->setResponse(new RedirectResponse($url, $code));
         }
         return;
     }
     // Anonymous users: optionally show the configured message, then redirect
     // to the login form. The message is admin configuration, hence filterAdmin().
     if ($config->get('display_denied_message')) {
         $message = $config->get('access_denied_message');
         $message_type = $config->get('access_denied_message_type');
         drupal_set_message(Xss::filterAdmin($message), $message_type);
     }
     $login_route = $config->get('user_login_route');
     $url = Url::fromRoute($login_route, array(), $options)->toString();
     $event->setResponse(new RedirectResponse($url, $code));
 }

作者:alnutil    项目:drunatr   
/**
  * Overrides \Drupal\views\Plugin\views\style\StylePluginBase\StylePluginBase::render().
  *
  * Outside of live preview, renders every row, collapses its whitespace and
  * admin-filters the markup, keyed by the value of the view's base field.
  */
 public function render()
 {
     if (!empty($this->view->live_preview)) {
         return parent::render();
     }
     // Group the rows according to the grouping field, if specified.
     $sets = $this->renderGrouping($this->view->result, $this->options['grouping']);
     // Alias of the 'id' field added by entity_reference_plugin_display; it
     // becomes the key of each rendered row.
     $id_field_alias = $this->view->storage->get('base_field');
     // @todo Grouping info is not displayed for now. Could be useful for a
     // select widget, though.
     $results = array();
     $this->view->row_index = 0;
     foreach ($sets as $records) {
         foreach ($records as $values) {
             $output = $this->view->rowPlugin->render($values);
             $output = drupal_render($output);
             // Drop newlines, squeeze runs of whitespace, then sanitize the markup.
             $collapsed = preg_replace('/\\s\\s+/', ' ', str_replace("\n", '', $output));
             $results[$values->{$id_field_alias}] = Xss::filterAdmin($collapsed);
             $this->view->row_index++;
         }
     }
     unset($this->view->row_index);
     return $results;
 }

作者:anatalsce    项目:en-class   
/**
  * Tests the dblog views integration using the watchdog() API.
  *
  * Three entries are logged (no token, one token, two tokens — the last with
  * an HTML link rendered with 'html' => TRUE). The view's 'message' and 'link'
  * fields are compared against String::format() and Xss::filterAdmin()
  * respectively, first with variable replacement enabled and then disabled.
  */
 public function testIntegration()
 {
     // Remove the watchdog entries added by the potential batch process.
     $this->container->get('database')->truncate('watchdog')->execute();
     $entries = array(
         // No tokens.
         array(
             'message' => $this->randomMachineName(),
             'variables' => array(),
             'link' => l('Link', 'node/1'),
         ),
         // One token.
         array(
             'message' => '@token1',
             'variables' => array('@token1' => $this->randomMachineName()),
             'link' => l('Link', 'node/2'),
         ),
         // Two tokens, and a link whose text is passed through as raw HTML.
         array(
             'message' => '@token1 !token2',
             'variables' => array(
                 '@token1' => $this->randomMachineName(),
                 '!token2' => $this->randomMachineName(),
             ),
             'link' => l('<object>Link</object>', 'node/2', array('html' => TRUE)),
         ),
     );
     $defaults = array('type' => 'test-views', 'severity' => WATCHDOG_NOTICE);
     foreach ($entries as $entry) {
         $entry += $defaults;
         watchdog($entry['type'], $entry['message'], $entry['variables'], $entry['severity'], $entry['link']);
     }
     $view = Views::getView('test_dblog');
     $this->executeView($view);
     $view->initStyle();
     foreach ($entries as $index => $entry) {
         $expected_message = String::format($entry['message'], $entry['variables']);
         $this->assertEqual($view->style_plugin->getField($index, 'message'), $expected_message);
         $expected_link = Xss::filterAdmin($entry['link']);
         $this->assertEqual($view->style_plugin->getField($index, 'link'), $expected_link);
     }
     // Disable replacing variables and check that the tokens aren't replaced.
     $view->destroy();
     $view->initHandlers();
     $this->executeView($view);
     $view->initStyle();
     $view->field['message']->options['replace_variables'] = FALSE;
     foreach ($entries as $index => $entry) {
         $this->assertEqual($view->style_plugin->getField($index, 'message'), $entry['message']);
     }
 }

作者:pedrocone    项目:hydrotool   
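/**
  * {@inheritdoc}
  *
  * Completes the sale for $order: empties the cart, runs the one-time
  * completion steps (account handling, status change, hooks), optionally logs
  * a newly created user in, and returns the themed completion message.
  *
  * @param object $order
  *   The order being completed (an uc_order entity; reloaded from storage).
  * @param bool $login
  *   Whether a newly created user should be logged in.
  *
  * @return array
  *   A 'uc_cart_complete_sale' render array with '#message' and '#order'.
  */
 public function completeSale($order, $login = FALSE)
 {
     // Empty that cart...
     $this->emptyCart();
     // Force the order to load from the DB instead of the entity cache.
     // @todo Remove this once uc_payment_enter() can modify order objects?
     // @todo Should we be overwriting $order with this newly-loaded db_order?
     $db_order = $this->entityManager()->getStorage('uc_order')->loadUnchanged($order->id());
     $order->data = $db_order->data;
     // Ensure that user creation and triggers are only run once.
     if (empty($order->data->complete_sale)) {
         $this->completeSaleAccount($order);
         // Move an order's status from "In checkout" to "Pending".
         if ($order->getStateId() == 'in_checkout') {
             $order->setStatusId(uc_order_state_default('post_checkout'));
         }
         $order->save();
         // Invoke the checkout complete trigger and hook.
         $account = $order->getUser();
         $this->moduleHandler()->invokeAll('uc_checkout_complete', array($order, $account));
         // rules_invoke_event('uc_checkout_complete', $order);
     }
     $type = $order->data->complete_sale;
     // Log in new users, if requested.
     if ($type == 'new_user' && $login && $this->currentUser()->isAnonymous()) {
         $type = 'new_user_logged_in';
         user_login_finalize($order->getUser());
     }
     $message = $this->config('uc_cart.messages')->get($type);
     $message = \Drupal::token()->replace($message, array('uc_order' => $order));
     // The username and password are free-form user input that is spliced into
     // admin-authored markup. Escape them for the HTML context before strtr():
     // Xss::filterAdmin() below is a tag filter meant for trusted authors, not
     // an escaper for user-supplied text, so without this a user could inject
     // any tag that filterAdmin() permits.
     $variables = array();
     $variables['!new_username'] = isset($order->data->new_user_name)
         ? htmlspecialchars((string) $order->data->new_user_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
         : '';
     // NOTE(review): when $order->password is set, the new account's password
     // is rendered into the completion page; confirm that exposure is intended.
     $variables['!new_password'] = isset($order->password)
         ? htmlspecialchars((string) $order->password, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
         : t('Your password');
     $message = strtr($message, $variables);
     return array('#theme' => 'uc_cart_complete_sale', '#message' => Xss::filterAdmin($message), '#order' => $order);
 }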

作者:Suite    项目:feelmyboo   
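/**
  * Determines if a string of text is considered "simple".
  *
  * A string is "simple" when it survives Xss::filter() unchanged (so it
  * contains nothing the filter would strip) and, optionally, its plain-text
  * form is no longer than $length. Verdicts are memoised via drupal_static().
  *
  * @param string $string
  *   The string of text to check "simple" criteria on.
  * @param int|FALSE $length
  *   The length of characters used to determine whether or not $string is
  *   considered "simple". Set explicitly to FALSE to disable this criteria.
  * @param array|FALSE $allowed_tags
  *   An array of allowed tag elements. Set explicitly to FALSE to disable this
  *   criteria.
  * @param bool $html
  *   A variable, passed by reference, that indicates whether or not the
  *   string contains HTML. Only assigned when $allowed_tags is not FALSE.
  *
  * @return bool
  *   Returns TRUE if the $string is considered "simple", FALSE otherwise.
  */
 public static function isSimple($string, $length = 250, $allowed_tags = NULL, &$html = FALSE)
 {
     // Typecast to a string (if an object).
     $string_clone = (string) $string;
     // Use the advanced drupal_static() pattern.
     static $drupal_static_fast;
     if (!isset($drupal_static_fast)) {
         $drupal_static_fast['strings'] =& drupal_static(__METHOD__);
     }
     $strings =& $drupal_static_fast['strings'];
     // The verdict depends on all three criteria, so the cache key must cover
     // all of them: keying on the string alone handed a later call with a
     // different $length or $allowed_tags the first call's answer.
     $cache_key = md5(serialize(array($string_clone, $length, $allowed_tags)));
     if (!isset($strings[$cache_key])) {
         $plain_string = strip_tags($string_clone);
         $simple = TRUE;
         $contains_html = FALSE;
         if ($allowed_tags !== FALSE) {
             $filtered_string = Xss::filter($string_clone, $allowed_tags);
             // If the filtered output still differs from the tag-stripped text,
             // markup survived the filter.
             $contains_html = $filtered_string !== $plain_string;
             $simple = $simple && $string_clone === $filtered_string;
         }
         if ($length !== FALSE) {
             // strlen() counts bytes, not characters; kept as before, which makes
             // the check conservative for multi-byte text.
             $simple = $simple && strlen($plain_string) <= intval($length);
         }
         // Cache the HTML verdict as well, so the by-reference $html is set on
         // cache hits too (previously it was only assigned on a miss).
         $strings[$cache_key] = array('simple' => $simple, 'html' => $contains_html);
     }
     if ($allowed_tags !== FALSE) {
         $html = $strings[$cache_key]['html'];
     }
     return $strings[$cache_key]['simple'];
 }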

作者:aWEBoLab    项目:tax   
/**
  * {@inheritdoc}
  *
  * Builds the block's render array from the view, using the view's dynamic
  * title as the label unless the block has its own, and reducing an empty
  * view to its #cache metadata.
  */
 public function build()
 {
     $this->view->display_handler->preBlockBuild($this);
     // Pass FALSE so ViewExecutable::buildRenderable() creates no render cache
     // entry for the view output: the whole block is cached instead.
     $output = $this->view->buildRenderable($this->displayID, [], FALSE);
     if (!$output) {
         return array();
     }
     // Override the label with the dynamic title configured in the view unless
     // the block carries its own label.
     if (empty($this->configuration['views_label']) && $this->view->getTitle()) {
         $output['#title'] = [
             '#markup' => $this->view->getTitle(),
             '#allowed_tags' => Xss::getHtmlTagList(),
         ];
     }
     // Turn the output into a renderable array carrying contextual links.
     $this->addContextualLinks($output);
     // Block module expects a final render array without another top-level
     // #pre_render callback, so apply Views' #pre_render callback right here.
     $output = View::preRenderViewElement($output);
     // An empty view_build means this view renders to nothing. Return only the
     // #cache metadata so the render system still learns the cache contexts
     // and tags explaining why the block is empty, and can cache it.
     if (empty($output['view_build'])) {
         return ['#cache' => $output['#cache']];
     }
     return $output;
 }

作者:jasonruyl    项目:crm_cor   
/**
  * {@inheritdoc}
  *
  * Prepends a label cell and an admin-filtered description to the parent row.
  */
 public function buildRow(EntityInterface $entity)
 {
     $label_cell = array(
         'data' => $this->getLabel($entity),
         'class' => array('menu-label'),
     );
     // Xss::filterAdmin() is used here, i.e. the description is treated as
     // admin-authored markup rather than fully escaped.
     $description = Xss::filterAdmin($entity->description);
     $row = array(
         'title' => $label_cell,
         'description' => $description,
     );
     return $row + parent::buildRow($entity);
 }

作者:ddrozdi    项目:dmap   
/**
  * {@inheritdoc}
  *
  * Runs Xss::filter() with the tags enabled in the filter's restriction
  * settings as the allowed list.
  */
 public function process($text, $langcode)
 {
     $restrictions = $this->settings['restrictions']['allowed'];
     // A tag is kept when it is switched on (truthy) or carries an attribute
     // configuration (array); the surviving keys are the allowed tag names.
     $allowed_tags = array();
     foreach ($restrictions as $tag => $setting) {
         if (is_array($setting) || (bool) $setting) {
             $allowed_tags[] = $tag;
         }
     }
     return new FilterProcessResult(Xss::filter($text, $allowed_tags));
 }

作者:davidsoloma    项目:drupalconsole.co   
/**
  * {@inheritdoc}
  *
  * Displays the configured message with tokens replaced from the configuration
  * (the acted-upon entity is supplied as the 'node' context when none is set).
  */
 public function execute($entity = NULL)
 {
     if (empty($this->configuration['node'])) {
         $this->configuration['node'] = $entity;
     }
     // Note the order: the admin-configured template is XSS-filtered first and
     // token replacement runs on the filtered template, so the substituted
     // token values themselves are not passed through Xss::filterAdmin().
     $template = Xss::filterAdmin($this->configuration['message']);
     $message = $this->token->replace($template, $this->configuration);
     drupal_set_message($message);
 }

作者:aritnath199    项目:simplenewslates   
/**
  * Returns the array of recipient handler labels.
  *
  * @return array
  *   Handler titles keyed by handler ID, each passed through Xss::filter().
  *
  * @todo documentation
  */
 public function getOptions()
 {
     $labels = array();
     foreach ($this->getDefinitions() as $id => $definition) {
         $labels[$id] = Xss::filter($definition['title']);
     }
     return $labels;
 }

作者:jthorese    项目:PladsenDrupa   
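/**
  * Retrieves the plain-text content from the current raw content.
  *
  * The <head> section is dropped first so that its contents do not end up in
  * the plain-text view; every remaining tag is then removed by Xss::filter()
  * with an empty allowed-tag list. The result is memoised.
  *
  * @return string
  *   The tag-free content.
  */
 protected function getTextContent() {
   if (!isset($this->plainTextContent)) {
     $raw_content = $this->getRawContent();
     // Strip everything between the HEAD tags (only a bare <head> start tag is
     // matched, as before).
     $stripped = preg_replace('@<head>.+?</head>@si', '', $raw_content);
     // preg_replace() returns NULL on a PCRE error (e.g. the backtrack limit on
     // a very large document); fall back to the unstripped content rather than
     // handing NULL to the filter.
     if ($stripped !== NULL) {
       $raw_content = $stripped;
     }
     $this->plainTextContent = Xss::filter($raw_content, array());
   }
   return $this->plainTextContent;
 }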

作者:sarahwille    项目:OD   
/**
  * Tests execution order of hook_form_alter() and hook_form_FORM_ID_alter().
  *
  * The expected order is first by module, then, within a module, the generic
  * hook_form_alter() before the id-specific hook_form_FORM_ID_alter().
  */
 function testExecutionOrder()
 {
     $this->drupalGet('form-test/alter');
     $expected = array(
         'block_form_form_test_alter_form_alter() executed.',
         'form_test_form_alter() executed.',
         'form_test_form_form_test_alter_form_alter() executed.',
         'system_form_form_test_alter_form_alter() executed.',
     );
     // Strip all markup and squeeze whitespace so the lines can be matched as
     // one space-separated sequence.
     $text = Xss::filter($this->content, array());
     $normalized = preg_replace('/\\s+/', ' ', $text);
     $in_order = strpos($normalized, implode(' ', $expected)) !== FALSE;
     $this->assert($in_order, 'Form alter hooks executed in the expected order.');
 }

作者:briefmedia-digita    项目:drupal   
/**
  * Ensure that custom field content is XSS filtered.
  *
  * Rewrites the 'name' field's output to a script tag and checks that the
  * style plugin returns the Xss::filter()ed version of it.
  */
 public function testCustomFieldXss()
 {
     $view = Views::getView('test_view');
     $view->setDisplay();
     // Alter the text of the field to include XSS.
     $text = '<script>alert("kittens")</script>';
     $field_options = array(
         'name' => array(
             'id' => 'name',
             'table' => 'views_test_data',
             'field' => 'name',
             'relationship' => 'none',
             'alter' => array('text' => $text),
         ),
     );
     $view->displayHandlers->get('default')->overrideOption('fields', $field_options);
     $this->executeView($view);
     $expected = Xss::filter($text);
     $this->assertEqual($expected, $view->style_plugin->getField(0, 'name'));
 }

作者:neetumorwan    项目:bloggin   
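/**
 * Writes the theme's custom CSS setting to a file in the generated files path.
 *
 * @param array $values
 *   Submitted theme settings; only 'settings_custom_css' is read.
 * @param string $generated_files_path
 *   Directory the CSS file is written into.
 *
 * @return string|false
 *   The saved file path, or FALSE if file_unmanaged_save_data() failed. The
 *   previous version discarded this value; returning it lets callers notice a
 *   failed write.
 */
function at_core_submit_custom_css($values, $generated_files_path)
{
    $custom_css = '';
    if (!empty($values['settings_custom_css'])) {
        // Sanitize user entered data. Xss::filter() is an HTML tag/attribute
        // filter applied to the CSS text; it does not validate CSS syntax.
        $custom_css = Xss::filter($values['settings_custom_css']);
    }
    $file_name = 'custom-css.css';
    $filepath = $generated_files_path . '/' . $file_name;
    // Always (re)write the file, even when the setting is empty, so a cleared
    // setting replaces previously generated rules.
    return file_unmanaged_save_data($custom_css, $filepath, FILE_EXISTS_REPLACE);
}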

作者:pedrocone    项目:hydrotool   
/**
  * {@inheritdoc}
  *
  * Builds the shipping quote checkout pane: description, hidden uid, the
  * "calculate shipping" AJAX button and the quote form from the order, and
  * registers the pane's AJAX replacement targets in the form state.
  */
 public function view(OrderInterface $order, array $form, FormStateInterface $form_state)
 {
     $pane_description = \Drupal::config('uc_quote.settings')->get('pane_description');
     // The description comes from configuration, so admin-level filtering is used.
     $contents = array('#description' => Xss::filterAdmin($pane_description));
     $contents['#attached']['library'][] = 'uc_quote/uc_quote.styles';
     $contents['uid'] = array(
         '#type' => 'hidden',
         '#value' => \Drupal::currentUser()->id(),
     );
     $contents['quote_button'] = array(
         '#type' => 'submit',
         '#value' => t('Click to calculate shipping'),
         '#submit' => [[$this, 'paneSubmit']],
         '#weight' => 0,
         '#ajax' => array(
             'effect' => 'slide',
             'progress' => array('type' => 'bar', 'message' => t('Receiving quotes...')),
         ),
         '#limit_validation_errors' => array(),
     );
     $contents['quotes'] = array(
         '#tree' => TRUE,
         '#prefix' => '<div id="quote">',
         '#suffix' => '</div>',
         '#weight' => 1,
     );
     $contents['quotes'] += $order->quote_form;
     // AJAX replacements: the quote button refreshes both panes, the
     // quote_option element only the payment pane.
     $replace_both = array(
         'payment-pane' => 'uc_ajax_replace_checkout_pane',
         'quotes-pane' => 'uc_ajax_replace_checkout_pane',
     );
     $replace_payment = array('payment-pane' => 'uc_ajax_replace_checkout_pane');
     $form_state->set(['uc_ajax', 'uc_quote', 'panes][quotes][quote_button'], $replace_both);
     $form_state->set(['uc_ajax', 'uc_quote', 'panes][quotes][quotes][quote_option'], $replace_payment);
     return $contents;
 }

作者:Hak    项目:drupal8_trainin   
/**
  * {@inheritdoc}
  *
  * Two-stage filtering: tags via Xss::filter(), then attributes and attribute
  * values via filterAttributes().
  */
 public function process($text, $langcode)
 {
     $restrictions = $this->getHtmlRestrictions();
     $allowed = $restrictions['allowed'];
     // There is no '*' tag; that entry is not a tag name and must not reach
     // Xss::filter()'s tag list.
     unset($allowed['*']);
     // Stage one: rely on the well-tested Xss::filter() for tag filtering.
     $tag_filtered = Xss::filter($text, array_keys($allowed));
     // Stage two: attribute and attribute value filtering.
     return new FilterProcessResult($this->filterAttributes($tag_filtered));
 }

作者:sathishRi    项目:theme   
/**
 * Pre-processes variables for the "bootstrap_panel" theme hook.
 *
 * See template for list of available variables.
 *
 * Reads the render element in $variables['element'] and derives attributes,
 * legend/title, description, collapsible/collapsed state and the collapse
 * target selector. Note that the final "optional variables" loop overwrites
 * several keys assigned earlier in this function (see the comments below).
 *
 * @param array $variables
 *   Theme variables, passed by reference; 'element' must hold the render element.
 *
 * @see bootstrap-panel.html.twig
 *
 * @ingroup theme_preprocess
 */
function bootstrap_preprocess_bootstrap_panel(&$variables)
{
    $element = $variables['element'];
    Element::setAttributes($element, array('id'));
    Element\RenderElement::setAttributes($element);
    $variables['attributes'] = $element['#attributes'];
    // NOTE: 'prefix' and 'suffix' are reassigned by the loop at the end of this
    // function (with FALSE instead of NULL as the fallback), so these values
    // never reach the template.
    $variables['prefix'] = isset($element['#field_prefix']) ? $element['#field_prefix'] : NULL;
    $variables['suffix'] = isset($element['#field_suffix']) ? $element['#field_suffix'] : NULL;
    $variables['title_display'] = isset($element['#title_display']) ? $element['#title_display'] : NULL;
    $variables['children'] = $element['#children'];
    $variables['required'] = !empty($element['#required']) ? $element['#required'] : NULL;
    // The legend title is admin-level filtered; the raw '#title' is also
    // exposed unfiltered as $variables['title'] by the loop at the end.
    $variables['legend']['title'] = !empty($element['#title']) ? Xss::filterAdmin($element['#title']) : '';
    $variables['legend']['attributes'] = new Attribute();
    $variables['legend_span']['attributes'] = new Attribute();
    if (!empty($element['#description'])) {
        // NOTE(review): assumes Element::setAttributes() populated
        // $element['#attributes']['id']; if '#id' is absent this lookup would
        // emit an undefined-index notice — confirm.
        $description_id = $element['#attributes']['id'] . '--description';
        $description_attributes['id'] = $description_id;
        // NOTE: $variables['description'] is replaced wholesale by the raw
        // '#description' in the loop at the end, so the 'attributes'/'content'
        // structure built here does not survive.
        $variables['description']['attributes'] = new Attribute($description_attributes);
        $variables['description']['content'] = $element['#description'];
        // Add the description's id to the fieldset aria attributes.
        $variables['attributes']['aria-describedby'] = $description_id;
    }
    $variables['collapsible'] = FALSE;
    if (isset($element['#collapsible'])) {
        $variables['collapsible'] = $element['#collapsible'];
        $variables['attributes']['class'][] = 'collapsible';
    }
    $variables['collapsed'] = FALSE;
    if (isset($element['#collapsed'])) {
        $variables['collapsed'] = $element['#collapsed'];
    }
    // Force grouped fieldsets to not be collapsible (for vertical tabs).
    if (!empty($element['#group'])) {
        $variables['collapsible'] = FALSE;
        $variables['collapsed'] = FALSE;
    }
    // A collapsible panel needs an id for its collapse target; generate one
    // when the element has none.
    if (!isset($element['#id']) && $variables['collapsible']) {
        $element['#id'] = \Drupal\Component\Utility\Html::getUniqueId('bootstrap-panel');
    }
    $variables['target'] = NULL;
    if (isset($element['#id'])) {
        if (!isset($variables['attributes']['id'])) {
            $variables['attributes']['id'] = $element['#id'];
        }
        // Selector of the collapsible body inside this panel.
        $variables['target'] = '#' . $element['#id'] . ' > .collapse';
    }
    // Iterate over optional variables. This copies the raw element properties
    // and overwrites 'description', 'prefix' and 'suffix' set above; 'title'
    // is exposed here without the Xss::filterAdmin() applied to legend.title.
    $keys = array('description', 'prefix', 'suffix', 'title', 'value');
    foreach ($keys as $key) {
        $variables[$key] = !empty($element["#{$key}"]) ? $element["#{$key}"] : FALSE;
    }
}

作者:nsp1    项目:Drupal   
/**
  * Filters an HTML string to prevent XSS vulnerabilities.
  *
  * Like \Drupal\Component\Utility\Xss::filterAdmin(), but with a shorter list
  * of allowed tags.
  *
  * Used for items entered by administrators, like field descriptions, allowed
  * values, where some (mainly inline) mark-up may be desired (so
  * \Drupal\Component\Utility\SafeMarkup::checkPlain() is not acceptable).
  *
  * @param string $string
  *   The string with raw HTML in it.
  *
  * @return \Drupal\Component\Utility\SafeMarkup
  *   An XSS safe version of $string, or an empty string if $string is not
  *   valid UTF-8.
  */
 public function fieldFilterXss($string)
 {
     // Step one: drop every known XSS vector, keeping only the trait's
     // intentionally allowed tags.
     $filtered = Xss::filter($string, $this->allowedTags());
     // Step two: normalize the markup; this adds nothing unsafe, so the
     // result is essentially the same markup as the filtered string.
     $normalized = Html::normalize($filtered);
     // This method is an internal part of field sanitization, so the
     // resulting string should be printable as is; designate it safe.
     //
     // @todo Free this memory in https://www.drupal.org/node/2505963.
     return SafeMarkup::set($normalized);
 }

