core/modules/filter/filter.api.php                 |   28 +++
 core/modules/filter/filter.module                  |  200 +++++++++++++++++++-
 .../lib/Drupal/filter/Tests/FilterAPITest.php      |  143 ++++++++++++++
 .../lib/Drupal/filter/Tests/FilterSecurityTest.php |   19 +-
 core/modules/php/php.module                        |    1 +
 5 files changed, 388 insertions(+), 3 deletions(-)

diff --git a/core/modules/filter/filter.api.php b/core/modules/filter/filter.api.php
index f11a528..e4d032d 100644
--- a/core/modules/filter/filter.api.php
+++ b/core/modules/filter/filter.api.php
@@ -59,6 +59,9 @@
  *   - settings callback: The name of a function that returns configuration
  *     form elements for the filter. See hook_filter_FILTER_settings() for
  *     details.
+ *   - allowed tags callback: The name of a function that returns an array of
+ *     tags that are allowed by this filter. This is only necessary for filters
+ *     that strip away other tags.
  *   - default settings: An associative array containing default settings for
  *     the filter, to be applied when the filter has not been configured yet.
  *   - prepare callback: The name of a function that escapes the content before
@@ -84,6 +87,7 @@ function hook_filter_info() {
     'description' => t('Allows you to restrict the HTML tags the user can use. It will also remove harmful content such as JavaScript events, JavaScript URLs and CSS styles from those tags that are not removed.'),
     'process callback' => '_filter_html',
     'settings callback' => '_filter_html_settings',
+    'allowed tags callback' => '_filter_html_allowed_tags',
     'default settings' => array(
       'allowed_html' => '<a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>',
       'filter_html_help' => 1,
@@ -173,6 +177,30 @@ function hook_filter_FILTER_settings($form, &$form_state, $filter, $format, $def
 }
 
 /**
+ * Filter allowed tags callback for hook_filter_info().
+ *
+ * Note: This is not really a hook. The function name is manually specified via
+ * 'allowed tags callback' in hook_filter_info(), with this recommended callback
+ * name pattern. It is called from filter_get_allowed_tags_by_format().
+ *
+ * This callback function is only necessary for filters that strip away other
+ * tags and allows other modules to gain insight in a generic manner into the
+ * HTML tags that are allowed by a given filter. Through the API function
+ * filter_get_allowed_tags_by_format(), modules can easily find out which tags
+ * are allowed by all filters in a text format (i.e. their intersection).
+ *
+ * @param $filter
+ *   The filter object containing settings for the given format.
+ *
+ * @return array
+ *   An array of allowed tags, or the empty array in case no tags are allowed.
+ *   A valid return value could be e.g. array('p', 'br', 'a').
+ */
+function hook_filter_FILTER_allowed_tags($filter) {
+  return preg_split('/\s+|<|>/', $filter->settings['allowed_html'], -1, PREG_SPLIT_NO_EMPTY);
+}
+
+/**
  * Prepare callback for hook_filter_info().
  *
  * Note: This is not really a hook. The function name is manually specified via
diff --git a/core/modules/filter/filter.module b/core/modules/filter/filter.module
index 8b98bbe..86ba7f1 100644
--- a/core/modules/filter/filter.module
+++ b/core/modules/filter/filter.module
@@ -7,6 +7,77 @@
 use Drupal\Core\Cache\CacheBackendInterface;
 use Drupal\Core\Template\Attribute;
 
+
+
+
+/**
+ * HTML generator filters -- MUST generate HTML.
+ *
+ * Formats using filters of this type may not be able to use WYSIWYG editors.
+ *
+ * WYSIWYG use case: ability to detect non-HTML formats, such as Markdown, where
+ * no WYSIWYG editor should be used because it would be impossible to go back to
+ * the original text format.
+ */
+const FILTER_TYPE_HTML_GENERATOR = 0;
+
+/**
+ * Security filters -- strip HTML tags that the user MAY NOT use.
+ *
+ * WYSIWYG use case: all filters of this type MUST be applied, the user MAY NOT
+ * be presented processed text without all filters of this type. Security
+ * exploits might otherwise occur.
+ */
+const FILTER_TYPE_SECURITY = 1;
+
+/**
+ * DOM transformation filters -- DOM-based, reliably reversible transformations.
+ *
+ * Filters SHOULD NOT use regular expressions when they can use DOM manipulation
+ * instead. This makes filters as robust as possible.
+ *
+ * WYSIWYG use case: these filters MUST NOT be applied when feeding a piece of
+ * text into the WYSIWYG editor. Instead, they MAY be re-implemented in
+ * JavaScript for each supported WYSIWYG editor.
+ * E.g. `<img data-caption="Druplicon">` may be (reversibly!) transformed to
+ * `<figure><img><figcaption>Druplicon</figcaption></figure>`.
+ */
+const FILTER_TYPE_TRANSFORM_DOM = 2;
+
+/**
+ * Text transformation filters -- text-based, irreversible transformations.
+ *
+ * WYSIWYG use case: these filters MUST NOT be applied when feeding a piece of
+ * text into the WYSIWYG editor. Furthermore, they MUST NOT be re-implemented
+ * in JavaScript.
+ * E.g.: the Typogrify filter would transform `WYSIWYG` and `I said "foo"!` into
+ * `<span class="caps">WYSIWYG</span>` and `I said “foo”!`, respectively. Text
+ * link ad systems would transform `fancy car` into something like
+ * `<a href="http://fancycar.com">fancy car</a>`. Neither of those text-based
+ * transformations make sense when doing WYSIWYG editing, nor is it possible to
+ * reliably reverse them.
+ */
+const FILTER_TYPE_TRANSFORM_TEXT = 3;
+
+/**
+ * All of the above implies:
+ * - if a format uses >=1 filters of type FILTER_TYPE_HTML_GENERATOR, no WYSIWYG
+ *   editor can be used.
+ * - if a format uses >=1 filters of type FILTER_TYPE_SECURITY, and a user saves
+ *   modified text through his WYSIWYG editor, any disallowed tags will be lost.
+ *   This seems like a minor annoyance and appears acceptable.
+ * - if a format uses >=1 filters of type FILTER_TYPE_TRANSFORM_TEXT, these
+ *   transformations will not be visible while editing, but will be visible when
+ *   viewing.
+ * - if a format uses >=1 filters of type FILTER_TYPE_TRANSFORM_DOM, these
+ *   transformations may not be visible while editing (it is up to the filter to
+ *   implement support for the WYSIWYG editor, by re-implementing the filtering
+ *   in JavaScript), but will be visible when viewing.
+ */
+
+
+
+
 /**
  * Implements hook_cache_flush().
  */
@@ -547,6 +618,92 @@ function filter_default_format($account = NULL) {
 }
 
 /**
+ * Retrieves all filter types that are used in a given text format.
+ *
+ * @param string $format_id
+ *   A text format ID.
+ * @return array
+ *   All filter types used by filters of a given text format.
+ *
+ * @throws Exception
+ */
+function filter_get_filter_types_by_format($format_id) {
+  $filter_types = array();
+
+  $filters = filter_list_format($format_id);
+
+  // Ignore filters that are disabled.
+  $filters = array_filter($filters, function($filter) {
+    return $filter->status;
+  });
+
+  $filters_info = filter_get_filters();
+  foreach ($filters as $filter) {
+    if (!isset($filters_info[$filter->name]['type'])) {
+      throw new Exception(t('Filter %filter has no type specified.', array ('%filter' => $filter->name)));
+    }
+
+    $filter_types[] = $filters_info[$filter->name]['type'];
+  }
+
+  return array_unique($filter_types);
+}
+
+/**
+ * Retrieve all tags that are allowed by a given text format.
+ *
+ * @param string $format_id
+ *   A text format ID.
+ * @return array|TRUE
+ *   An array of HTML tags (in "p", not "<p>" format) that are allowed by the
+ *   text format. The empty array implies no tags are allowed. TRUE implies all
+ *   tags are allowed.
+ */
+function filter_get_allowed_tags_by_format($format_id) {
+  $filters = filter_list_format($format_id);
+
+  // Ignore filters that are disabled or don't have an "allowed tags" setting.
+  $filters = array_filter($filters, function($filter) {
+    if (!$filter->status) {
+      return FALSE;
+    }
+
+    $filters_info = filter_get_filters();
+    if (!empty($filters_info[$filter->name]['allowed tags callback'])) {
+      return TRUE;
+    }
+  });
+
+  if (empty($filters)) {
+    return TRUE;
+  }
+  else {
+    // From the set of remaining filters (they were filtered by array_filter()
+    // above), collect the list of tags that is allowed by *all* filters, i.e.
+    // the intersection of all allowed tags.
+    $allowed_tags = array_reduce($filters, function($result, $filter) {
+      $filters_info = filter_get_filters();
+      $function = $filters_info[$filter->name]['allowed tags callback'];
+      $allowed_tags = $function($filter);
+
+      // The first filter with an "allowed tags" setting provides the initial
+      // set.
+      if (!isset($result)) {
+        return $allowed_tags;
+      }
+      // Subsequent filters with an "allowed tags" setting must be intersected
+      // with the existing set, to ensure we only end up with the tags that are
+      // allowed by *all* filters with an "allowed tags" setting.
+      else {
+        return array_intersect($result, $allowed_tags);
+      }
+    }, NULL);
+
+    return $allowed_tags;
+  }
+}
+
+/**
  * Returns the ID of the fallback text format that all users have access to.
  *
  * The fallback text format is a regular text format in every respect, except
@@ -756,13 +913,18 @@ function filter_list_format($format_id) {
  *   Boolean whether to cache the filtered output in the {cache_filter} table.
  *   The caller may set this to FALSE when the output is already cached
  *   elsewhere to avoid duplicate cache lookups and storage.
+ * @param array $filter_types_to_skip
+ *   An array of filter types to skip, or the empty array (default) to skip no
+ *   filter types. All of the format's filters will be applied, except for
+ *   filters of the types that are marked to be skipped. FILTER_TYPE_SECURITY is
+ *   the only type that cannot be skipped.
  *
  * @return
  *   The filtered text.
  *
  * @ingroup sanitization
  */
-function check_markup($text, $format_id = NULL, $langcode = '', $cache = FALSE) {
+function check_markup($text, $format_id = NULL, $langcode = '', $cache = FALSE, $filter_types_to_skip = array()) {
   if (!isset($format_id)) {
     $format_id = filter_fallback_format();
   }
@@ -772,6 +934,16 @@ function check_markup($text, $format_id = NULL, $langcode = '', $cache = FALSE)
     return '';
   }
 
+  // Prevent FILTER_TYPE_SECURITY from being skipped.
+  if (in_array(FILTER_TYPE_SECURITY, $filter_types_to_skip)) {
+    $filter_types_to_skip = array_diff($filter_types_to_skip, array(FILTER_TYPE_SECURITY));
+  }
+
+  // When certain filters should be skipped, don't perform caching.
+  if ($filter_types_to_skip) {
+    $cache = FALSE;
+  }
+
   // Check for a cached version of this piece of text.
   $cache = $cache && !empty($format->cache);
   $cache_id = '';
@@ -792,6 +964,10 @@ function check_markup($text, $format_id = NULL, $langcode = '', $cache = FALSE)
 
   // Give filters the chance to escape HTML-like data such as code or formulas.
   foreach ($filters as $name => $filter) {
+    // If necessary, skip filters of a certain type.
+    if ($filter_types_to_skip && in_array($filter_info[$name]['type'], $filter_types_to_skip)) {
+      continue;
+    }
     if ($filter->status && isset($filter_info[$name]['prepare callback'])) {
       $function = $filter_info[$name]['prepare callback'];
       $text = $function($text, $filter, $format, $langcode, $cache, $cache_id);
@@ -800,6 +976,10 @@ function check_markup($text, $format_id = NULL, $langcode = '', $cache = FALSE)
 
   // Perform filtering.
   foreach ($filters as $name => $filter) {
+    // If necessary, skip filters of a certain type.
+    if ($filter_types_to_skip && in_array($filter_info[$name]['type'], $filter_types_to_skip)) {
+      continue;
+    }
     if ($filter->status && isset($filter_info[$name]['process callback'])) {
       $function = $filter_info[$name]['process callback'];
       $text = $function($text, $filter, $format, $langcode, $cache, $cache_id);
@@ -1222,8 +1402,10 @@ function theme_filter_guidelines($variables) {
 function filter_filter_info() {
   $filters['filter_html'] = array(
     'title' => t('Limit allowed HTML tags'),
+    'type' => FILTER_TYPE_SECURITY,
     'process callback' => '_filter_html',
     'settings callback' => '_filter_html_settings',
+    'allowed tags callback' => '_filter_html_allowed_tags',
     'default settings' => array(
       'allowed_html' => '<a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>',
       'filter_html_help' => 1,
@@ -1234,11 +1416,13 @@ function filter_filter_info() {
   );
   $filters['filter_autop'] = array(
     'title' => t('Convert line breaks into HTML (i.e. <code>&lt;br&gt;</code> and <code>&lt;p&gt;</code>)'),
+    'type' => FILTER_TYPE_HTML_GENERATOR,
     'process callback' => '_filter_autop',
     'tips callback' => '_filter_autop_tips',
   );
   $filters['filter_url'] = array(
     'title' => t('Convert URLs into links'),
+    'type' => FILTER_TYPE_HTML_GENERATOR,
     'process callback' => '_filter_url',
     'settings callback' => '_filter_url_settings',
     'default settings' => array(
@@ -1248,11 +1432,13 @@ function filter_filter_info() {
   );
   $filters['filter_htmlcorrector'] = array(
     'title' =>  t('Correct faulty and chopped off HTML'),
+    'type' => FILTER_TYPE_SECURITY,
     'process callback' => '_filter_htmlcorrector',
     'weight' => 10,
   );
   $filters['filter_html_escape'] = array(
     'title' => t('Display any HTML as plain text'),
+    'type' => FILTER_TYPE_HTML_GENERATOR,
     'process callback' => '_filter_html_escape',
     'tips callback' => '_filter_html_escape_tips',
     'weight' => -10,
@@ -1290,10 +1476,20 @@ function _filter_html_settings($form, &$form_state, $filter, $format, $defaults)
 }
 
 /**
+ * Filter allowed tags callback for the HTML content filter.
+ *
+ * See hook_filter_FILTER_allowed_tags() for documentation of parameters and
+ * return value.
+ */
+function _filter_html_allowed_tags($filter) {
+  return preg_split('/\s+|<|>/', $filter->settings['allowed_html'], -1, PREG_SPLIT_NO_EMPTY);
+}
+
+/**
  * Provides filtering of input into accepted HTML.
  */
 function _filter_html($text, $filter) {
-  $allowed_tags = preg_split('/\s+|<|>/', $filter->settings['allowed_html'], -1, PREG_SPLIT_NO_EMPTY);
+  $allowed_tags = _filter_html_allowed_tags($filter);
   $text = filter_xss($text, $allowed_tags);
 
   if ($filter->settings['filter_html_nofollow']) {
diff --git a/core/modules/filter/lib/Drupal/filter/Tests/FilterAPITest.php b/core/modules/filter/lib/Drupal/filter/Tests/FilterAPITest.php
new file mode 100644
index 0000000..1d005a7
--- /dev/null
+++ b/core/modules/filter/lib/Drupal/filter/Tests/FilterAPITest.php
@@ -0,0 +1,143 @@
+<?php
+
+/**
+ * @file
+ * Definition of Drupal\filter\Tests\FilterAPITest.
+ */
+
+namespace Drupal\filter\Tests;
+
+use Drupal\simpletest\WebTestBase;
+
+/**
+ * Tests the behavior of Filter's API.
+ */
+class FilterAPITest extends WebTestBase {
+  public static function getInfo() {
+    return array(
+      'name' => 'API',
+      'description' => 'Test the behavior of the API of the Filter module.',
+      'group' => 'Filter',
+    );
+  }
+
+  function setUp() {
+    parent::setUp();
+
+    // Create Filtered HTML format.
+    $filtered_html_format = array(
+      'format' => 'filtered_html',
+      'name' => 'Filtered HTML',
+      'filters' => array(
+        // Note that the filter_html filter is of the type FILTER_TYPE_HTML_GENERATOR.
+        'filter_url' => array(
+          'weight' => -1,
+          'status' => 1,
+        ),
+        // Note that the filter_html filter is of the type FILTER_TYPE_SECURITY.
+        'filter_html' => array(
+          'status' => 1,
+        ),
+      )
+    );
+    $filtered_html_format = (object) $filtered_html_format;
+    filter_format_save($filtered_html_format);
+
+    // Create Full HTML format.
+    $full_html_format = array(
+      'format' => 'full_html',
+      'name' => 'Full HTML',
+      'weight' => 1,
+      'filters' => array(
+        'filter_htmlcorrector' => array(
+          'weight' => 10,
+          'status' => 1,
+        ),
+      ),
+    );
+    $full_html_format = (object) $full_html_format;
+    filter_format_save($full_html_format);
+  }
+
+  /**
+   * Tests the ability to apply only a subset of filters.
+   */
+  function testCheckMarkup() {
+    $text = "Text with <marquee>evil content and</marquee> a URL: http://drupal.org!";
+    $expected_filtered_text = "Text with evil content and a URL: <a href=\"http://drupal.org\">http://drupal.org</a>!";
+    $expected_filter_text_without_html_generators = "Text with evil content and a URL: http://drupal.org!";
+
+    $this->assertIdentical(
+      check_markup($text, 'filtered_html', '', FALSE, array()),
+      $expected_filtered_text,
+      t('Expected filter result.')
+    );
+    $this->assertIdentical(
+      check_markup($text, 'filtered_html', '', FALSE, array(FILTER_TYPE_HTML_GENERATOR)),
+      $expected_filter_text_without_html_generators,
+      t('Expected filter result when skipping FILTER_TYPE_HTML_GENERATOR filters.')
+    );
+    // Related to @see FilterSecurityTest.php/testSkipSecurityFilters(), but
+    // this check focuses on the ability to filter multiple filter types at once.
+    // Drupal core only ships with these two types of filters, so this is the
+    // most extensive test possible.
+    $this->assertIdentical(
+      check_markup($text, 'filtered_html', '', FALSE, array(FILTER_TYPE_SECURITY, FILTER_TYPE_HTML_GENERATOR)),
+      $expected_filter_text_without_html_generators,
+      t('Expected filter result when skipping FILTER_TYPE_HTML_GENERATOR filters, even when trying to disable filters of the FILTER_TYPE_SECURITY type.')
+    );
+  }
+
+  function testFilterFormatAPI() {
+    // Test on filtered_html.
+    $this->assertEqual(
+      filter_get_allowed_tags_by_format('filtered_html'),
+      array('a', 'em', 'strong', 'cite', 'blockquote', 'code', 'ul', 'ol', 'li', 'dl', 'dt', 'dd'),
+      t('filter_get_allowed_tags_by_format() works as expected for the filtered_html format.')
+    );
+    $this->assertEqual(
+      filter_get_filter_types_by_format('filtered_html'),
+      array(FILTER_TYPE_SECURITY, FILTER_TYPE_HTML_GENERATOR),
+      t('filter_get_filter_types_by_format() works as expected for the filtered_html format.')
+    );
+
+    // Test on full_html.
+    $this->assertEqual(
+      filter_get_allowed_tags_by_format('full_html'),
+      TRUE, // Every tag is allowed.
+      t('filter_get_allowed_tags_by_format() works as expected for the full_html format.')
+    );
+    $this->assertEqual(
+      filter_get_filter_types_by_format('full_html'),
+      array(FILTER_TYPE_SECURITY),
+      t('filter_get_filter_types_by_format() works as expected for the full_html format.')
+    );
+
+    // Test on stupid_filtered_html.
+    $stupid_filtered_html_format = array(
+      'format' => 'stupid_filtered_html',
+      'name' => 'Stupid Filtered HTML',
+      'filters' => array(
+        // Note that the filter_html filter is of the type FILTER_TYPE_SECURITY.
+        'filter_html' => array(
+          'status' => 1,
+          'settings' => array(
+            'allowed_html' => '', // Nothing is allowed.
+          )
+        ),
+      )
+    );
+    $stupid_filtered_html_format = (object) $stupid_filtered_html_format;
+    filter_format_save($stupid_filtered_html_format);
+    $this->assertEqual(
+      filter_get_allowed_tags_by_format('stupid_filtered_html'),
+      array(), // No tag is allowed.
+      t('filter_get_allowed_tags_by_format() works as expected for the stupid_filtered_html format.')
+    );
+    $this->assertEqual(
+      filter_get_filter_types_by_format('stupid_filtered_html'),
+      array(FILTER_TYPE_SECURITY),
+      t('filter_get_filter_types_by_format() works as expected for the stupid_filtered_html format.')
+    );
+  }
+}
diff --git a/core/modules/filter/lib/Drupal/filter/Tests/FilterSecurityTest.php b/core/modules/filter/lib/Drupal/filter/Tests/FilterSecurityTest.php
index 9c2c46c..bb9099a 100644
--- a/core/modules/filter/lib/Drupal/filter/Tests/FilterSecurityTest.php
+++ b/core/modules/filter/lib/Drupal/filter/Tests/FilterSecurityTest.php
@@ -24,7 +24,7 @@ class FilterSecurityTest extends WebTestBase {
   public static function getInfo() {
     return array(
       'name' => 'Security',
-      'description' => 'Test the behavior of check_markup() when a filter or text format vanishes.',
+      'description' => 'Test the behavior of check_markup() when a filter or text format vanishes, or when check_markup() is called in such a way that it is instructed to skip all filters of the "FILTER_TYPE_SECURITY" type.',
       'group' => 'Filter',
     );
   }
@@ -39,6 +39,12 @@ function setUp() {
     $filtered_html_format = array(
       'format' => 'filtered_html',
       'name' => 'Filtered HTML',
+      'filters' => array(
+        // Note that the filter_html filter is of the type FILTER_TYPE_SECURITY.
+        'filter_html' => array(
+          'status' => 1,
+        ),
+      )
     );
     $filtered_html_format = (object) $filtered_html_format;
     filter_format_save($filtered_html_format);
@@ -82,4 +88,15 @@ function testDisableFilterModule() {
     $this->drupalGet('node/' . $node->nid);
     $this->assertNoText($body_raw, t('Node body not found.'));
   }
+
+  /**
+   * Tests that when security filters are marked to be skipped, they are still
+   * enforced anyway.
+   */
+  function testSkipSecurityFilters() {
+    $text = "Text with some disallowed tags: <script />, <em><object>unicorn</object></em>, <i><table></i>.";
+    $expected_filtered_text = "Text with some disallowed tags: , <em>unicorn</em>, .";
+    $this->assertEqual(check_markup($text, 'filtered_html', '', FALSE, array()), $expected_filtered_text, t('Expected filter result.'));
+    $this->assertEqual(check_markup($text, 'filtered_html', '', FALSE, array(FILTER_TYPE_SECURITY)), $expected_filtered_text, t('Expected filter result, even when trying to disable filters of the FILTER_TYPE_SECURITY type.'));
+  }
 }
diff --git a/core/modules/php/php.module b/core/modules/php/php.module
index 73db6d0..8385490 100644
--- a/core/modules/php/php.module
+++ b/core/modules/php/php.module
@@ -138,6 +138,7 @@ function _php_filter_tips($filter, $format, $long = FALSE) {
 function php_filter_info() {
   $filters['php_code'] = array(
     'title' => t('PHP evaluator'),
+    'type' => FILTER_TYPE_HTML_GENERATOR,
     'description' => t('Executes a piece of PHP code. The usage of this filter should be restricted to administrators only!'),
     'process callback' => 'php_eval',
     'tips callback' => '_php_filter_tips',