diff --git a/core/includes/common.inc b/core/includes/common.inc
index a2226c8..ee8ce3f 100644
--- a/core/includes/common.inc
+++ b/core/includes/common.inc
@@ -3177,7 +3177,7 @@ function _drupal_bootstrap_code() {
// Set the allowed protocols once we have the config available.
$allowed_protocols = \Drupal::config('system.filter')->get('protocols');
if (!isset($allowed_protocols)) {
- // filter_xss_admin() is called by the installer and update.php, in which
+ // \Drupal\Component\Utility\Xss::filterAdmin is called by the installer and update.php, in which
// case the configuration may not exist (yet). Provide a minimal default set
// of allowed protocols for these cases.
$allowed_protocols = array('http', 'https');
diff --git a/core/includes/errors.inc b/core/includes/errors.inc
index 56c276f..1abcdaa 100644
--- a/core/includes/errors.inc
+++ b/core/includes/errors.inc
@@ -5,6 +5,7 @@
* Functions for error handling.
*/
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Utility\Error;
use Drupal\Component\Utility\String;
use Symfony\Component\HttpFoundation\Response;
@@ -70,7 +71,7 @@ function _drupal_error_handler_real($error_level, $message, $filename, $line, $c
'%type' => isset($types[$error_level]) ? $severity_msg : 'Unknown error',
// The standard PHP error handler considers that the error messages
// are HTML. We mimick this behavior here.
- '!message' => filter_xss_admin($message),
+ '!message' => Xss::filterAdmin($message),
'%function' => $caller['function'],
'%file' => $caller['file'],
'%line' => $caller['line'],
diff --git a/core/includes/form.inc b/core/includes/form.inc
index f4a7718..a60b09c 100644
--- a/core/includes/form.inc
+++ b/core/includes/form.inc
@@ -2969,7 +2969,7 @@ function theme_form_element_label($variables) {
$required = drupal_render($marker);
}
- $title = filter_xss_admin($element['#title']);
+ $title = Xss::filterAdmin($element['#title']);
$attributes = array();
// Style the label as class option to display inline with the element.
@@ -3067,7 +3067,7 @@ function _form_set_attributes(&$element, $class = array()) {
* Note: if the batch 'title', 'init_message', 'progress_message', or
* 'error_message' could contain any user input, it is the responsibility of
* the code calling batch_set() to sanitize them first with a function like
- * \Drupal\Component\Utility\String::checkPlain() or filter_xss(). Furthermore,
+ * \Drupal\Component\Utility\String::checkPlain() or \Drupal\Component\Utility\Xss::filter. Furthermore,
* if the batch operation returns any user input in the 'results' or 'message'
* keys of $context, it must also sanitize them first.
*
diff --git a/core/includes/theme.inc b/core/includes/theme.inc
index f699d4b..de1c75d 100644
--- a/core/includes/theme.inc
+++ b/core/includes/theme.inc
@@ -10,6 +10,7 @@
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\UrlHelper;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Config\Config;
use Drupal\Core\Language\Language;
use Drupal\Core\Extension\Extension;
@@ -1986,7 +1987,7 @@ function template_preprocess_html(&$variables) {
else {
$head_title = array('name' => String::checkPlain($site_config->get('name')));
if ($site_config->get('slogan')) {
- $head_title['slogan'] = strip_tags(filter_xss_admin($site_config->get('slogan')));
+ $head_title['slogan'] = strip_tags(Xss::filterAdmin($site_config->get('slogan')));
}
}
@@ -2082,7 +2083,7 @@ function template_preprocess_page(&$variables) {
$variables['secondary_menu'] = theme_get_setting('features.secondary_menu') ? menu_secondary_menu() : array();
$variables['action_links'] = menu_get_local_actions();
$variables['site_name'] = (theme_get_setting('features.name') ? String::checkPlain($site_config->get('name')) : '');
- $variables['site_slogan'] = (theme_get_setting('features.slogan') ? filter_xss_admin($site_config->get('slogan')) : '');
+ $variables['site_slogan'] = (theme_get_setting('features.slogan') ? Xss::filterAdmin($site_config->get('slogan')) : '');
$variables['tabs'] = menu_local_tabs();
// Pass the main menu and secondary menu to the template as render arrays.
@@ -2272,7 +2273,7 @@ function template_preprocess_maintenance_page(&$variables) {
else {
$head_title = array('name' => String::checkPlain($site_name));
if ($site_slogan) {
- $head_title['slogan'] = strip_tags(filter_xss_admin($site_slogan));
+ $head_title['slogan'] = strip_tags(Xss::filterAdmin($site_slogan));
}
}
@@ -2294,7 +2295,7 @@ function template_preprocess_maintenance_page(&$variables) {
$variables['language'] = $language_interface;
$variables['logo'] = theme_get_setting('logo.url');
$variables['site_name'] = (theme_get_setting('features.name') ? String::checkPlain($site_name) : '');
- $variables['site_slogan'] = (theme_get_setting('features.slogan') ? filter_xss_admin($site_slogan) : '');
+ $variables['site_slogan'] = (theme_get_setting('features.slogan') ? Xss::filterAdmin($site_slogan) : '');
// Compile a list of classes that are going to be applied to the body element.
$variables['attributes']['class'][] = 'maintenance-page';
diff --git a/core/lib/Drupal/Component/Utility/String.php b/core/lib/Drupal/Component/Utility/String.php
index affd4df..b85e350 100644
--- a/core/lib/Drupal/Component/Utility/String.php
+++ b/core/lib/Drupal/Component/Utility/String.php
@@ -77,7 +77,7 @@ public static function decodeEntities($text) {
* this for text that has already been prepared for HTML display (for
* example, user-supplied text that has already been run through
* String::checkPlain() previously, or is expected to contain some limited
- * HTML tags and has already been run through filter_xss() previously).
+ * HTML tags and has already been run through \Drupal\Component\Utility\Xss::filter previously).
*
* @return mixed
* The formatted string, or FALSE if no args specified.
diff --git a/core/lib/Drupal/Core/EventSubscriber/MaintenanceModeSubscriber.php b/core/lib/Drupal/Core/EventSubscriber/MaintenanceModeSubscriber.php
index 93bfb42..7c5db6e 100644
--- a/core/lib/Drupal/Core/EventSubscriber/MaintenanceModeSubscriber.php
+++ b/core/lib/Drupal/Core/EventSubscriber/MaintenanceModeSubscriber.php
@@ -7,6 +7,7 @@
namespace Drupal\Core\EventSubscriber;
+use Drupal\Component\Utility\Xss;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\KernelEvents;
@@ -47,7 +48,7 @@ public function onKernelRequestMaintenance(GetResponseEvent $event) {
$maintenance_page = array(
'#theme' => 'maintenance_page',
'#title' => t('Site under maintenance'),
- '#content' => filter_xss_admin(
+ '#content' => Xss::filterAdmin(
t(\Drupal::config('system.maintenance')->get('message'), array('@site' => \Drupal::config('system.site')->get('name')))
),
);
diff --git a/core/lib/Drupal/Core/Utility/Token.php b/core/lib/Drupal/Core/Utility/Token.php
index e612de8..5b74a77 100644
--- a/core/lib/Drupal/Core/Utility/Token.php
+++ b/core/lib/Drupal/Core/Utility/Token.php
@@ -107,7 +107,7 @@ public function __construct(ModuleHandlerInterface $module_handler) {
* final text if no replacement value can be generated.
* - sanitize: A boolean flag indicating that tokens should be sanitized for
* display to a web browser. Defaults to TRUE. Developers who set this
- * option to FALSE assume responsibility for running filter_xss(),
+ * option to FALSE assume responsibility for running \Drupal\Component\Utility\Xss::filter,
* String::checkPlain() or other appropriate scrubbing functions before
* displaying data to users.
*
@@ -200,7 +200,7 @@ public function scan($text) {
* encoding or truncation to a specific length.
* - sanitize: A boolean flag indicating that tokens should be sanitized for
* display to a web browser. Developers who set this option to FALSE assume
- * responsibility for running filter_xss(), String::checkPlain() or other
+ * responsibility for running \Drupal\Component\Utility\Xss::filter, String::checkPlain() or other
* appropriate scrubbing functions before displaying data to users.
*
* @return array
diff --git a/core/modules/aggregator/aggregator.module b/core/modules/aggregator/aggregator.module
index 78a8e17..03c5fac 100644
--- a/core/modules/aggregator/aggregator.module
+++ b/core/modules/aggregator/aggregator.module
@@ -7,6 +7,7 @@
use Drupal\aggregator\FeedInterface;
use Drupal\Component\Plugin\Exception\PluginException;
+use Drupal\Component\Utility\Xss;
/**
* Denotes that a feed's items should never expire.
@@ -276,7 +277,7 @@ function aggregator_feed_load($fid) {
* The filtered content.
*/
function aggregator_filter_xss($value) {
- return filter_xss($value, preg_split('/\s+|<|>/', \Drupal::config('aggregator.settings')->get('items.allowed_html'), -1, PREG_SPLIT_NO_EMPTY));
+ return Xss::filter($value, preg_split('/\s+|<|>/', \Drupal::config('aggregator.settings')->get('items.allowed_html'), -1, PREG_SPLIT_NO_EMPTY));
}
/**
diff --git a/core/modules/block/custom_block/custom_block.pages.inc b/core/modules/block/custom_block/custom_block.pages.inc
index 4cca4cc..f24e16b 100644
--- a/core/modules/block/custom_block/custom_block.pages.inc
+++ b/core/modules/block/custom_block/custom_block.pages.inc
@@ -5,6 +5,7 @@
* Provides page callbacks for custom blocks.
*/
+use Drupal\Component\Utility\Xss;
use Drupal\custom_block\Entity\CustomBlockType;
use Drupal\custom_block\Entity\CustomBlock;
use Symfony\Component\HttpFoundation\RedirectResponse;
@@ -26,7 +27,7 @@ function template_preprocess_custom_block_add_list(&$variables) {
foreach ($variables['content'] as $type) {
$variables['types'][$type->id()] = array(
'link' => \Drupal::l($type->label(), 'custom_block.add_form', array('custom_block_type' => $type->id()), array('query' => $query)),
- 'description' => filter_xss_admin($type->description),
+ 'description' => Xss::filterAdmin($type->description),
'title' => $type->label(),
'localized_options' => array(
'query' => $query,
diff --git a/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockTypeListController.php b/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockTypeListController.php
index 84a8ad9..a3c7418 100644
--- a/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockTypeListController.php
+++ b/core/modules/block/custom_block/lib/Drupal/custom_block/CustomBlockTypeListController.php
@@ -7,6 +7,7 @@
namespace Drupal\custom_block;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Config\Entity\ConfigEntityListController;
use Drupal\Core\Entity\EntityInterface;
@@ -43,7 +44,7 @@ public function buildHeader() {
public function buildRow(EntityInterface $entity) {
$uri = $entity->urlInfo();
$row['type'] = \Drupal::l($entity->label(), $uri['route_name'], $uri['route_parameters'], $uri['options']);
- $row['description'] = filter_xss_admin($entity->description);
+ $row['description'] = Xss::filterAdmin($entity->description);
return $row + parent::buildRow($entity);
}
diff --git a/core/modules/comment/comment.tokens.inc b/core/modules/comment/comment.tokens.inc
index b58230a..f38f98b 100644
--- a/core/modules/comment/comment.tokens.inc
+++ b/core/modules/comment/comment.tokens.inc
@@ -5,6 +5,8 @@
* Builds placeholder replacement tokens for comment-related data.
*/
+use Drupal\Component\Utility\Xss;
+
/**
* Implements hook_token_info().
*/
@@ -152,7 +154,7 @@ function comment_tokens($type, $tokens, array $data = array(), array $options =
break;
case 'title':
- $replacements[$original] = $sanitize ? filter_xss($comment->getSubject()) : $comment->getSubject();
+ $replacements[$original] = $sanitize ? Xss::filter($comment->getSubject()) : $comment->getSubject();
break;
case 'body':
@@ -175,13 +177,13 @@ function comment_tokens($type, $tokens, array $data = array(), array $options =
case 'name':
case 'author':
$name = $comment->getAuthorName();
- $replacements[$original] = $sanitize ? filter_xss($name) : $name;
+ $replacements[$original] = $sanitize ? Xss::filter($name) : $name;
break;
case 'parent':
if ($comment->hasParentComment()) {
$parent = $comment->getParentComment();
- $replacements[$original] = $sanitize ? filter_xss($parent->getSubject()) : $parent->getSubject();
+ $replacements[$original] = $sanitize ? Xss::filter($parent->getSubject()) : $parent->getSubject();
}
break;
@@ -196,7 +198,7 @@ function comment_tokens($type, $tokens, array $data = array(), array $options =
case 'entity':
$entity = $comment->getCommentedEntity();
$title = $entity->label();
- $replacements[$original] = $sanitize ? filter_xss($title) : $title;
+ $replacements[$original] = $sanitize ? Xss::filter($title) : $title;
break;
case 'node':
@@ -206,7 +208,7 @@ function comment_tokens($type, $tokens, array $data = array(), array $options =
if ($comment->getCommentedEntityTypeId() == 'node') {
$entity = $comment->getCommentedEntity();
$title = $entity->label();
- $replacements[$original] = $sanitize ? filter_xss($title) : $title;
+ $replacements[$original] = $sanitize ? Xss::filter($title) : $title;
}
else {
$replacements[$original] = NULL;
diff --git a/core/modules/comment/lib/Drupal/comment/Tests/CommentTokenReplaceTest.php b/core/modules/comment/lib/Drupal/comment/Tests/CommentTokenReplaceTest.php
index bd300fc..0d2a4b2 100644
--- a/core/modules/comment/lib/Drupal/comment/Tests/CommentTokenReplaceTest.php
+++ b/core/modules/comment/lib/Drupal/comment/Tests/CommentTokenReplaceTest.php
@@ -7,6 +7,7 @@
namespace Drupal\comment\Tests;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Language\Language;
/**
@@ -54,11 +55,11 @@ function testCommentTokenReplacement() {
$tests = array();
$tests['[comment:cid]'] = $comment->id();
$tests['[comment:hostname]'] = check_plain($comment->getHostname());
- $tests['[comment:name]'] = filter_xss($comment->getAuthorName());
- $tests['[comment:author]'] = filter_xss($comment->getAuthorName());
+ $tests['[comment:name]'] = Xss::filter($comment->getAuthorName());
+ $tests['[comment:author]'] = Xss::filter($comment->getAuthorName());
$tests['[comment:mail]'] = check_plain($this->admin_user->getEmail());
$tests['[comment:homepage]'] = check_url($comment->getHomepage());
- $tests['[comment:title]'] = filter_xss($comment->getSubject());
+ $tests['[comment:title]'] = Xss::filter($comment->getSubject());
$tests['[comment:body]'] = $comment->comment_body->processed;
$tests['[comment:url]'] = url('comment/' . $comment->id(), $url_options + array('fragment' => 'comment-' . $comment->id()));
$tests['[comment:edit-url]'] = url('comment/' . $comment->id() . '/edit', $url_options);
diff --git a/core/modules/dblog/lib/Drupal/dblog/Controller/DbLogController.php b/core/modules/dblog/lib/Drupal/dblog/Controller/DbLogController.php
index d891bfe..72ddf22 100644
--- a/core/modules/dblog/lib/Drupal/dblog/Controller/DbLogController.php
+++ b/core/modules/dblog/lib/Drupal/dblog/Controller/DbLogController.php
@@ -181,7 +181,7 @@ public function overview() {
}
if (isset($dblog->wid)) {
// Truncate link_text to 56 chars of message.
- $log_text = Unicode::truncate(filter_xss($message, array()), 56, TRUE, TRUE);
+ $log_text = Unicode::truncate(Xss::filter($message, array()), 56, TRUE, TRUE);
$message = $this->l($log_text, 'dblog.event', array('event_id' => $dblog->wid), array('html' => TRUE));
}
}
diff --git a/core/modules/dblog/lib/Drupal/dblog/Tests/DbLogTest.php b/core/modules/dblog/lib/Drupal/dblog/Tests/DbLogTest.php
index 24add00..2a5368f 100644
--- a/core/modules/dblog/lib/Drupal/dblog/Tests/DbLogTest.php
+++ b/core/modules/dblog/lib/Drupal/dblog/Tests/DbLogTest.php
@@ -7,6 +7,7 @@
namespace Drupal\dblog\Tests;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Language\Language;
use Drupal\dblog\Controller\DbLogController;
use Drupal\simpletest\WebTestBase;
@@ -264,7 +265,7 @@ private function doUser() {
$this->assertLogMessage(t('Session closed for %name.', array('%name' => $name)), 'DBLog event was recorded: [logout user]');
// Delete user.
$message = t('Deleted user: %name %email.', array('%name' => $name, '%email' => '<' . $user->getEmail() . '>'));
- $message_text = truncate_utf8(filter_xss($message, array()), 56, TRUE, TRUE);
+ $message_text = truncate_utf8(Xss::filter($message, array()), 56, TRUE, TRUE);
// Verify that the full message displays on the details page.
$link = FALSE;
if ($links = $this->xpath('//a[text()="' . html_entity_decode($message_text) . '"]')) {
@@ -613,8 +614,8 @@ protected function asText(\SimpleXMLElement $element) {
* The message to pass to simpletest.
*/
protected function assertLogMessage($log_message, $message) {
- $message_text = truncate_utf8(filter_xss($log_message, array()), 56, TRUE, TRUE);
- // After filter_xss(), HTML entities should be converted to their character
+ $message_text = truncate_utf8(Xss::filter($log_message, array()), 56, TRUE, TRUE);
+ // After \Drupal\Component\Utility\Xss::filter, HTML entities should be converted to their character
// equivalents because assertLink() uses this string in xpath() to query the
// Document Object Model (DOM).
$this->assertLink(html_entity_decode($message_text), 0, $message);
diff --git a/core/modules/editor/lib/Drupal/editor/EditorController.php b/core/modules/editor/lib/Drupal/editor/EditorController.php
index 0e65571..0850596 100644
--- a/core/modules/editor/lib/Drupal/editor/EditorController.php
+++ b/core/modules/editor/lib/Drupal/editor/EditorController.php
@@ -64,7 +64,7 @@ public function getUntransformedText(EntityInterface $entity, $field_name, $lang
* @return \Symfony\Component\HttpFoundation\JsonResponse
* A JSON response containing the XSS-filtered value.
*
- * @see editor_filter_xss()
+ * @see editor_\Drupal\Component\Utility\Xss::filter
*/
public function filterXss(Request $request, FilterFormatInterface $filter_format) {
$value = $request->request->get('value');
diff --git a/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/views/style/EntityReference.php b/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/views/style/EntityReference.php
index 03fdf24..37a446b 100644
--- a/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/views/style/EntityReference.php
+++ b/core/modules/entity_reference/lib/Drupal/entity_reference/Plugin/views/style/EntityReference.php
@@ -7,6 +7,7 @@
namespace Drupal\entity_reference\Plugin\views\style;
+use Drupal\Component\Utility\Xss;
use Drupal\views\Plugin\views\style\StylePluginBase;
/**
@@ -92,7 +93,7 @@ public function render() {
// Sanitize HTML, remove line breaks and extra whitespace.
$output = $this->view->rowPlugin->render($values);
$output = drupal_render($output);
- $results[$values->{$id_field_alias}] = filter_xss_admin(preg_replace('/\s\s+/', ' ', str_replace("\n", '', $output)));
+ $results[$values->{$id_field_alias}] = Xss::filterAdmin(preg_replace('/\s\s+/', ' ', str_replace("\n", '', $output)));
$this->view->row_index++;
}
}
diff --git a/core/modules/field/field.module b/core/modules/field/field.module
index f0e280c..3efb5cd 100644
--- a/core/modules/field/field.module
+++ b/core/modules/field/field.module
@@ -284,7 +284,7 @@ function field_cache_clear() {
/**
* Filters an HTML string to prevent cross-site-scripting (XSS) vulnerabilities.
*
- * Like filter_xss_admin(), but with a shorter list of allowed tags.
+ * Like \Drupal\Component\Utility\Xss::filterAdmin, but with a shorter list of allowed tags.
*
* Used for items entered by administrators, like field descriptions, allowed
* values, where some (mainly inline) mark-up may be desired (so
@@ -302,7 +302,7 @@ function field_filter_xss($string) {
}
/**
- * Returns a list of tags allowed by field_filter_xss().
+ * Returns a list of tags allowed by field_\Drupal\Component\Utility\Xss::filter.
*/
function _field_filter_xss_allowed_tags() {
return array('a', 'b', 'big', 'code', 'del', 'em', 'i', 'ins', 'pre', 'q', 'small', 'span', 'strong', 'sub', 'sup', 'tt', 'ol', 'ul', 'li', 'p', 'br', 'img');
diff --git a/core/modules/field/lib/Drupal/field/Plugin/views/field/Field.php b/core/modules/field/lib/Drupal/field/Plugin/views/field/Field.php
index be3734d..2a6d286 100644
--- a/core/modules/field/lib/Drupal/field/Plugin/views/field/Field.php
+++ b/core/modules/field/lib/Drupal/field/Plugin/views/field/Field.php
@@ -7,6 +7,7 @@
namespace Drupal\field\Plugin\views\field;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityManagerInterface;
use Drupal\Core\Entity\EntityStorageControllerInterface;
@@ -649,7 +650,7 @@ protected function renderItems($items) {
}
if ($this->options['multi_type'] == 'separator') {
- return implode(filter_xss_admin($this->options['separator']), $items);
+ return implode(Xss::filterAdmin($this->options['separator']), $items);
}
else {
$item_list = array(
@@ -843,7 +844,7 @@ protected function addSelfTokens(&$tokens, $item) {
(is_object($item['raw']) ? (array)$item['raw'] : NULL);
}
if (isset($raw) && isset($raw[$id]) && is_scalar($raw[$id])) {
- $tokens['[' . $this->options['id'] . '-' . $id . ']'] = filter_xss_admin($raw[$id]);
+ $tokens['[' . $this->options['id'] . '-' . $id . ']'] = Xss::filterAdmin($raw[$id]);
}
else {
// Make sure that empty values are replaced as well.
diff --git a/core/modules/field/lib/Drupal/field/Tests/FieldUnitTestBase.php b/core/modules/field/lib/Drupal/field/Tests/FieldUnitTestBase.php
index 9e10afd..ecbdbd6 100644
--- a/core/modules/field/lib/Drupal/field/Tests/FieldUnitTestBase.php
+++ b/core/modules/field/lib/Drupal/field/Tests/FieldUnitTestBase.php
@@ -7,6 +7,7 @@
namespace Drupal\field\Tests;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Language\Language;
use Drupal\simpletest\DrupalUnitTestBase;
@@ -235,7 +236,7 @@ protected function assertText($text, $message = '', $group = 'Other') {
if (!$message) {
$message = t('Raw "@raw" found', array('@raw' => $text));
}
- return $this->assert(strpos(filter_xss($this->content, array()), $text) !== FALSE, $message, $group);
+ return $this->assert(strpos(Xss::filter($this->content, array()), $text) !== FALSE, $message, $group);
}
/**
@@ -260,6 +261,6 @@ protected function assertNoText($text, $message = '', $group = 'Other') {
if (!$message) {
$message = t('Raw "@raw" not found', array('@raw' => $text));
}
- return $this->assert(strpos(filter_xss($this->content, array()), $text) === FALSE, $message, $group);
+ return $this->assert(strpos(Xss::filter($this->content, array()), $text) === FALSE, $message, $group);
}
}
diff --git a/core/modules/filter/filter.module b/core/modules/filter/filter.module
index 1e858ad..8f4c335 100644
--- a/core/modules/filter/filter.module
+++ b/core/modules/filter/filter.module
@@ -7,6 +7,7 @@
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\String;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Language\Language;
use Drupal\Core\Session\AccountInterface;
@@ -747,7 +748,7 @@ function template_preprocess_filter_tips(&$variables) {
*/
function _filter_html($text, $filter) {
$allowed_tags = preg_split('/\s+|<|>/', $filter->settings['allowed_html'], -1, PREG_SPLIT_NO_EMPTY);
- $text = filter_xss($text, $allowed_tags);
+ $text = Xss::filter($text, $allowed_tags);
if ($filter->settings['filter_html_nofollow']) {
$html_dom = Html::load($text);
@@ -791,7 +792,7 @@ function _filter_url($text, $filter) {
// the identical list. While '//' is technically optional for MAILTO only,
// we cannot cleanly differ between protocols here without hard-coding MAILTO,
// so '//' is optional for all protocols.
- // @see filter_xss_bad_protocol()
+ // @see \Drupal\Component\Utility\UrlHelper::filterBadProtocol
$protocols = \Drupal::config('system.filter')->get('protocols');
$protocols = implode(':(?://)?|', $protocols) . ':(?://)?';
diff --git a/core/modules/forum/forum.module b/core/modules/forum/forum.module
index 959a700..8e686a3 100644
--- a/core/modules/forum/forum.module
+++ b/core/modules/forum/forum.module
@@ -6,6 +6,7 @@
*/
use Drupal\comment\Plugin\Field\FieldType\CommentItemInterface;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Component\Utility\String;
use Drupal\field\Field;
@@ -744,7 +745,7 @@ function template_preprocess_forum_list(&$variables) {
$row = 0;
// Sanitize each forum so that the template can safely print the data.
foreach ($variables['forums'] as $id => $forum) {
- $variables['forums'][$id]->description = filter_xss_admin($forum->description->value);
+ $variables['forums'][$id]->description = Xss::filterAdmin($forum->description->value);
$variables['forums'][$id]->link = url("forum/" . $forum->id());
$variables['forums'][$id]->name = String::checkPlain($forum->label());
$variables['forums'][$id]->is_container = !empty($forum->forum_container->value);
diff --git a/core/modules/locale/locale.module b/core/modules/locale/locale.module
index 324be33..9488876 100644
--- a/core/modules/locale/locale.module
+++ b/core/modules/locale/locale.module
@@ -11,6 +11,7 @@
*/
use Drupal\Component\Utility\Json;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Language\Language;
use Drupal\Component\Utility\Crypt;
@@ -1056,15 +1057,15 @@ function locale_translation_use_remote_source() {
* not have any false positives. But it is only a test, not a transformation,
* as it destroys valid HTML. We cannot reliably filter translation strings
* on import because some strings are irreversibly corrupted. For example,
- * a & in the translation would get encoded to & by filter_xss()
+ * a & in the translation would get encoded to & by \Drupal\Component\Utility\Xss::filter
* before being put in the database, and thus would be displayed incorrectly.
*
- * The allowed tag list is like filter_xss_admin(), but omitting div and img as
+ * The allowed tag list is like \Drupal\Component\Utility\Xss::filterAdmin, but omitting div and img as
* not needed for translation and likely to cause layout issues (div) or a
* possible attack vector (img).
*/
function locale_string_is_safe($string) {
- return decode_entities($string) == decode_entities(filter_xss($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'ins', 'kbd', 'li', 'ol', 'p', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var')));
+ return decode_entities($string) == decode_entities(Xss::filter($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'ins', 'kbd', 'li', 'ol', 'p', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var')));
}
/**
diff --git a/core/modules/menu/lib/Drupal/menu/MenuListController.php b/core/modules/menu/lib/Drupal/menu/MenuListController.php
index 18a3732..c890351 100644
--- a/core/modules/menu/lib/Drupal/menu/MenuListController.php
+++ b/core/modules/menu/lib/Drupal/menu/MenuListController.php
@@ -6,6 +6,7 @@
namespace Drupal\menu;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Config\Entity\ConfigEntityListController;
use Drupal\Core\Entity\EntityInterface;
@@ -34,7 +35,7 @@ public function buildRow(EntityInterface $entity) {
'data' => $this->getLabel($entity),
'class' => array('menu-label'),
);
- $row['description'] = filter_xss_admin($entity->description);
+ $row['description'] = Xss::filterAdmin($entity->description);
return $row + parent::buildRow($entity);
}
diff --git a/core/modules/node/node.module b/core/modules/node/node.module
index c97851e..6399281 100644
--- a/core/modules/node/node.module
+++ b/core/modules/node/node.module
@@ -9,6 +9,7 @@
*/
use Drupal\Component\Utility\String;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Language\Language;
use Symfony\Component\HttpFoundation\Response;
use Drupal\Core\Cache\Cache;
@@ -133,12 +134,12 @@ function node_help($path, $arg) {
case 'node/%/edit':
$node = node_load($arg[1]);
$type = node_type_load($node->bundle());
- return (!empty($type->help) ? filter_xss_admin($type->help) : '');
+ return (!empty($type->help) ? Xss::filterAdmin($type->help) : '');
}
if ($arg[0] == 'node' && $arg[1] == 'add' && $arg[2]) {
$type = node_type_load($arg[2]);
- return (!empty($type->help) ? filter_xss_admin($type->help) : '');
+ return (!empty($type->help) ? Xss::filterAdmin($type->help) : '');
}
}
diff --git a/core/modules/node/node.pages.inc b/core/modules/node/node.pages.inc
index fe5b0c1..94f29bc 100644
--- a/core/modules/node/node.pages.inc
+++ b/core/modules/node/node.pages.inc
@@ -9,6 +9,7 @@
* @see node_menu()
*/
+use Drupal\Component\Utility\Xss;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Drupal\node\NodeInterface;
@@ -30,7 +31,7 @@ function template_preprocess_node_add_list(&$variables) {
$variables['types'][$type->type] = array(
'type' => $type->type,
'add_link' => l($type->name, 'node/add/' . $type->type),
- 'description' => filter_xss_admin($type->description),
+ 'description' => Xss::filterAdmin($type->description),
);
}
}
@@ -141,7 +142,7 @@ function node_revision_overview($node) {
'#account' => user_load($revision->uid),
);
$row[] = array('data' => t('!date by !username', array('!date' => l(format_date($revision->revision_timestamp, 'short'), 'node/' . $node->id()), '!username' => drupal_render($username)))
- . (($revision->log != '') ? '' . filter_xss($revision->log) . '
' : ''),
+ . (($revision->log != '') ? '' . Xss::filter($revision->log) . '
' : ''),
'class' => array('revision-current'));
$row[] = array('data' => drupal_placeholder(t('current revision')), 'class' => array('revision-current'));
}
@@ -151,7 +152,7 @@ function node_revision_overview($node) {
'#account' => user_load($revision->uid),
);
$row[] = t('!date by !username', array('!date' => l(format_date($revision->revision_timestamp, 'short'), "node/" . $node->id() . "/revisions/" . $revision->vid . "/view"), '!username' => drupal_render($username)))
- . (($revision->log != '') ? '' . filter_xss($revision->log) . '
' : '');
+ . (($revision->log != '') ? '' . Xss::filter($revision->log) . '
' : '');
if ($revert_permission) {
$links['revert'] = array(
'title' => t('Revert'),
diff --git a/core/modules/options/options.module b/core/modules/options/options.module
index 1d328f6..462fe53 100644
--- a/core/modules/options/options.module
+++ b/core/modules/options/options.module
@@ -60,7 +60,7 @@ function options_field_config_delete(FieldConfigInterface $field) {
* Returns the array of allowed values for a list field.
*
* The strings are not safe for output. Keys and values of the array should be
- * sanitized through field_filter_xss() before being displayed.
+ * sanitized through field_\Drupal\Component\Utility\Xss::filter before being displayed.
*
* @param \Drupal\Core\Field\FieldDefinitionInterface $field_definition
* The field definition.
diff --git a/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php
index 3e8f51b..1c1492e 100644
--- a/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php
+++ b/core/modules/simpletest/lib/Drupal/simpletest/WebTestBase.php
@@ -11,6 +11,7 @@
use Drupal\Component\Utility\Json;
use Drupal\Component\Utility\NestedArray;
use Drupal\Component\Utility\String;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\DrupalKernel;
use Drupal\Core\Database\Database;
use Drupal\Core\Database\ConnectionNotDefinedException;
@@ -2761,7 +2762,7 @@ protected function assertNoText($text, $message = '', $group = 'Other') {
*/
protected function assertTextHelper($text, $message = '', $group, $not_exists) {
if ($this->plainTextContent === FALSE) {
- $this->plainTextContent = filter_xss($this->drupalGetContent(), array());
+ $this->plainTextContent = Xss::filter($this->drupalGetContent(), array());
}
if (!$message) {
$message = !$not_exists ? String::format('"@text" found', array('@text' => $text)) : String::format('"@text" not found', array('@text' => $text));
@@ -2846,7 +2847,7 @@ protected function assertNoUniqueText($text, $message = '', $group = 'Other') {
*/
protected function assertUniqueTextHelper($text, $message = '', $group, $be_unique) {
if ($this->plainTextContent === FALSE) {
- $this->plainTextContent = filter_xss($this->drupalGetContent(), array());
+ $this->plainTextContent = Xss::filter($this->drupalGetContent(), array());
}
if (!$message) {
$message = '"' . $text . '"' . ($be_unique ? ' found only once' : ' found more than once');
diff --git a/core/modules/system/lib/Drupal/system/Tests/Common/XssUnitTest.php b/core/modules/system/lib/Drupal/system/Tests/Common/XssUnitTest.php
index 2b1d696..9aa470f 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Common/XssUnitTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Common/XssUnitTest.php
@@ -11,7 +11,7 @@
use Drupal\simpletest\DrupalUnitTestBase;
/**
- * Tests for filter_xss() and check_url().
+ * Tests for \Drupal\Component\Utility\Xss::filter and check_url().
*/
class XssUnitTest extends DrupalUnitTestBase {
diff --git a/core/modules/system/lib/Drupal/system/Tests/Form/AlterTest.php b/core/modules/system/lib/Drupal/system/Tests/Form/AlterTest.php
index 70d9b5e..4c7f520 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Form/AlterTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Form/AlterTest.php
@@ -7,6 +7,7 @@
namespace Drupal\system\Tests\Form;
+use Drupal\Component\Utility\Xss;
use Drupal\simpletest\WebTestBase;
/**
@@ -42,7 +43,7 @@ function testExecutionOrder() {
'form_test_form_form_test_alter_form_alter() executed.',
'system_form_form_test_alter_form_alter() executed.',
);
- $content = preg_replace('/\s+/', ' ', filter_xss($this->content, array()));
+ $content = preg_replace('/\s+/', ' ', Xss::filter($this->content, array()));
$this->assert(strpos($content, implode(' ', $expected)) !== FALSE, 'Form alter hooks executed in the expected order.');
}
}
diff --git a/core/modules/system/lib/Drupal/system/Tests/System/PageTitleTest.php b/core/modules/system/lib/Drupal/system/Tests/System/PageTitleTest.php
index fdc511a..a944f2f 100644
--- a/core/modules/system/lib/Drupal/system/Tests/System/PageTitleTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/System/PageTitleTest.php
@@ -7,6 +7,7 @@
namespace Drupal\system\Tests\System;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Utility\Title;
use Drupal\simpletest\WebTestBase;
@@ -73,7 +74,7 @@ function testTitleXSS() {
$title_filtered = check_plain($title);
$slogan = '';
- $slogan_filtered = filter_xss_admin($slogan);
+ $slogan_filtered = Xss::filterAdmin($slogan);
// Activate needed appearance settings.
$edit = array(
diff --git a/core/modules/system/lib/Drupal/system/Tests/Theme/ThemeSuggestionsAlterTest.php b/core/modules/system/lib/Drupal/system/Tests/Theme/ThemeSuggestionsAlterTest.php
index a987e1f..202ddd2 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Theme/ThemeSuggestionsAlterTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Theme/ThemeSuggestionsAlterTest.php
@@ -7,6 +7,7 @@
namespace Drupal\system\Tests\Theme;
+use Drupal\Component\Utility\Xss;
use Drupal\simpletest\WebTestBase;
/**
@@ -182,7 +183,7 @@ function testExecutionOrder() {
'test_theme_theme_suggestions_alter() executed.',
'test_theme_theme_suggestions_theme_test_suggestions_alter() executed.',
);
- $content = preg_replace('/\s+/', ' ', filter_xss($this->content, array()));
+ $content = preg_replace('/\s+/', ' ', Xss::filter($this->content, array()));
$this->assert(strpos($content, implode(' ', $expected)) !== FALSE, 'Suggestion alter hooks executed in the expected order.');
}
diff --git a/core/modules/system/system.admin.inc b/core/modules/system/system.admin.inc
index 75f1c60..89e696b 100644
--- a/core/modules/system/system.admin.inc
+++ b/core/modules/system/system.admin.inc
@@ -5,6 +5,7 @@
* Admin page callbacks for the system module.
*/
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Cache\Cache;
use Drupal\Core\Extension\Extension;
use Drupal\Core\Template\Attribute;
@@ -106,7 +107,7 @@ function template_preprocess_admin_block_content(&$variables) {
foreach ($variables['content'] as $key => $item) {
$variables['content'][$key]['link'] = l($item['title'], $item['link_path'], $item['localized_options']);
if (!$compact && isset($item['description'])) {
- $variables['content'][$key]['description'] = filter_xss_admin($item['description']);
+ $variables['content'][$key]['description'] = Xss::filterAdmin($item['description']);
}
else {
$variables['content'][$key]['description'] = FALSE;
diff --git a/core/modules/system/system.tokens.inc b/core/modules/system/system.tokens.inc
index 4c27e2c..3750ff2 100644
--- a/core/modules/system/system.tokens.inc
+++ b/core/modules/system/system.tokens.inc
@@ -7,6 +7,8 @@
* This file handles tokens for the global 'site' and 'date' tokens.
*/
+use Drupal\Component\Utility\Xss;
+
/**
* Implements hook_token_info().
*/
@@ -109,7 +111,7 @@ function system_tokens($type, $tokens, array $data = array(), array $options = a
case 'slogan':
$slogan = \Drupal::config('system.site')->get('slogan');
- $replacements[$original] = $sanitize ? filter_xss_admin($slogan) : $slogan;
+ $replacements[$original] = $sanitize ? Xss::filterAdmin($slogan) : $slogan;
break;
case 'mail':
diff --git a/core/modules/taxonomy/lib/Drupal/taxonomy/Tests/TokenReplaceTest.php b/core/modules/taxonomy/lib/Drupal/taxonomy/Tests/TokenReplaceTest.php
index d3a938b..5eb1f13 100644
--- a/core/modules/taxonomy/lib/Drupal/taxonomy/Tests/TokenReplaceTest.php
+++ b/core/modules/taxonomy/lib/Drupal/taxonomy/Tests/TokenReplaceTest.php
@@ -7,6 +7,7 @@
namespace Drupal\taxonomy\Tests;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Field\FieldDefinitionInterface;
use Drupal\Core\Language\Language;
use Drupal\Component\Utility\String;
@@ -135,7 +136,7 @@ function testTaxonomyTokenReplacement() {
$tests = array();
$tests['[vocabulary:vid]'] = $this->vocabulary->id();
$tests['[vocabulary:name]'] = String::checkPlain($this->vocabulary->name);
- $tests['[vocabulary:description]'] = filter_xss($this->vocabulary->description);
+ $tests['[vocabulary:description]'] = Xss::filter($this->vocabulary->description);
$tests['[vocabulary:node-count]'] = 1;
$tests['[vocabulary:term-count]'] = 2;
diff --git a/core/modules/taxonomy/taxonomy.tokens.inc b/core/modules/taxonomy/taxonomy.tokens.inc
index f89f0a6..0e1d7f2 100644
--- a/core/modules/taxonomy/taxonomy.tokens.inc
+++ b/core/modules/taxonomy/taxonomy.tokens.inc
@@ -6,6 +6,7 @@
*/
use Drupal\Component\Utility\String;
+use Drupal\Component\Utility\Xss;
/**
* Implements hook_token_info().
@@ -164,7 +165,7 @@ function taxonomy_tokens($type, $tokens, array $data = array(), array $options =
break;
case 'description':
- $replacements[$original] = $sanitize ? filter_xss($vocabulary->description) : $vocabulary->description;
+ $replacements[$original] = $sanitize ? Xss::filter($vocabulary->description) : $vocabulary->description;
break;
case 'term-count':
diff --git a/core/modules/tour/lib/Drupal/tour/Plugin/tour/tip/TipPluginText.php b/core/modules/tour/lib/Drupal/tour/Plugin/tour/tip/TipPluginText.php
index d883490..1858370 100644
--- a/core/modules/tour/lib/Drupal/tour/Plugin/tour/tip/TipPluginText.php
+++ b/core/modules/tour/lib/Drupal/tour/Plugin/tour/tip/TipPluginText.php
@@ -7,6 +7,7 @@
namespace Drupal\tour\Plugin\tour\tip;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
use Drupal\Core\Utility\Token;
use Drupal\tour\TipPluginBase;
@@ -119,7 +120,7 @@ public function getAttributes() {
*/
public function getOutput() {
$output = '' . check_plain($this->getLabel()) . '
';
- $output .= '' . filter_xss_admin($this->token->replace($this->getBody())) . '
';
+ $output .= '' . Xss::filterAdmin($this->token->replace($this->getBody())) . '
';
return array('#markup' => $output);
}
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index ab9a163..91d25e6 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -607,7 +607,7 @@ function user_template_preprocess_default_variables_alter(&$variables) {
*
* Modules that make any changes to variables like 'name' or 'extra' must ensure
* that the final string is safe to include directly in the output by using
- * check_plain() or filter_xss().
+ * check_plain() or \Drupal\Component\Utility\Xss::filter.
*/
function template_preprocess_username(&$variables) {
$account = $variables['account'] ?: drupal_anonymous_user();
diff --git a/core/modules/views/lib/Drupal/views/Plugin/views/field/Boolean.php b/core/modules/views/lib/Drupal/views/Plugin/views/field/Boolean.php
index c0676a3..484aeb5 100644
--- a/core/modules/views/lib/Drupal/views/Plugin/views/field/Boolean.php
+++ b/core/modules/views/lib/Drupal/views/Plugin/views/field/Boolean.php
@@ -7,6 +7,7 @@
namespace Drupal\views\Plugin\views\field;
+use Drupal\Component\Utility\Xss as UtilityXss;
use Drupal\views\ResultRow;
use Drupal\views\ViewExecutable;
use Drupal\views\Plugin\views\display\DisplayPluginBase;
@@ -110,7 +111,7 @@ public function render(ResultRow $values) {
}
if ($this->options['type'] == 'custom') {
- return $value ? filter_xss_admin($this->options['type_custom_true']) : filter_xss_admin($this->options['type_custom_false']);
+ return $value ? UtilityXss::filterAdmin($this->options['type_custom_true']) : UtilityXss::filterAdmin($this->options['type_custom_false']);
}
elseif (isset($this->formats[$this->options['type']])) {
return $value ? $this->formats[$this->options['type']][0] : $this->formats[$this->options['type']][1];
diff --git a/core/modules/views/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php b/core/modules/views/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php
index 08c12cc..b3c85c1 100644
--- a/core/modules/views/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php
+++ b/core/modules/views/lib/Drupal/views/Plugin/views/field/FieldPluginBase.php
@@ -9,6 +9,7 @@
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\String;
+use Drupal\Component\Utility\Xss;
use Drupal\views\Plugin\views\HandlerBase;
use Drupal\views\Plugin\views\display\DisplayPluginBase;
use Drupal\views\ResultRow;
@@ -1248,7 +1249,7 @@ public function renderText($alter) {
if ($this->options['alter']['more_link'] && strlen($value) < $length) {
$tokens = $this->getRenderTokens($alter);
$more_link_text = $this->options['alter']['more_link_text'] ? $this->options['alter']['more_link_text'] : t('more');
- $more_link_text = strtr(filter_xss_admin($more_link_text), $tokens);
+ $more_link_text = strtr(Xss::filterAdmin($more_link_text), $tokens);
$more_link_path = $this->options['alter']['more_link_path'];
$more_link_path = strip_tags(decode_entities(strtr($more_link_path, $tokens)));
@@ -1285,7 +1286,7 @@ public function renderText($alter) {
*/
protected function renderAltered($alter, $tokens) {
// Filter this right away as our substitutions are already sanitized.
- $value = filter_xss_admin($alter['text']);
+ $value = Xss::filterAdmin($alter['text']);
$value = strtr($value, $tokens);
return $value;
@@ -1311,7 +1312,7 @@ protected function renderAsLink($alter, $text, $tokens) {
$value = '';
if (!empty($alter['prefix'])) {
- $value .= filter_xss_admin(strtr($alter['prefix'], $tokens));
+ $value .= Xss::filterAdmin(strtr($alter['prefix'], $tokens));
}
$options = array(
@@ -1451,7 +1452,7 @@ protected function renderAsLink($alter, $text, $tokens) {
$value .= l($text, $path, $options);
if (!empty($alter['suffix'])) {
- $value .= filter_xss_admin(strtr($alter['suffix'], $tokens));
+ $value .= Xss::filterAdmin(strtr($alter['suffix'], $tokens));
}
return $value;
diff --git a/core/modules/views/lib/Drupal/views/Tests/Plugin/RowEntityTest.php b/core/modules/views/lib/Drupal/views/Tests/Plugin/RowEntityTest.php
index bb47904..a2aec3e 100644
--- a/core/modules/views/lib/Drupal/views/Tests/Plugin/RowEntityTest.php
+++ b/core/modules/views/lib/Drupal/views/Tests/Plugin/RowEntityTest.php
@@ -7,6 +7,7 @@
namespace Drupal\views\Tests\Plugin;
+use Drupal\Component\Utility\Xss;
use Drupal\views\Views;
use Drupal\views\Tests\ViewUnitTestBase;
@@ -103,7 +104,7 @@ protected function assertText($text, $message = '', $group = 'Other') {
if (!$message) {
$message = t('Raw "@raw" found', array('@raw' => $text));
}
- return $this->assert(strpos(filter_xss($this->content, array()), $text) !== FALSE, $message, $group);
+ return $this->assert(strpos(Xss::filter($this->content, array()), $text) !== FALSE, $message, $group);
}
}
diff --git a/core/modules/views/tests/modules/views_test_data/lib/Drupal/views_test_data/Plugin/views/display/DisplayTest.php b/core/modules/views/tests/modules/views_test_data/lib/Drupal/views_test_data/Plugin/views/display/DisplayTest.php
index a297fc3..1447c67 100644
--- a/core/modules/views/tests/modules/views_test_data/lib/Drupal/views_test_data/Plugin/views/display/DisplayTest.php
+++ b/core/modules/views/tests/modules/views_test_data/lib/Drupal/views_test_data/Plugin/views/display/DisplayTest.php
@@ -7,6 +7,7 @@
namespace Drupal\views_test_data\Plugin\views\display;
+use Drupal\Component\Utility\Xss;
use Drupal\views\Plugin\views\display\DisplayPluginBase;
/**
@@ -124,7 +125,7 @@ public function execute() {
$render = $this->view->render();
// Render the test option as the title before the view output.
- $render['#prefix'] = '' . filter_xss_admin($this->options['test_option']) . '
';
+ $render['#prefix'] = '' . Xss::filterAdmin($this->options['test_option']) . '
';
return $render;
}
diff --git a/core/modules/views/views.theme.inc b/core/modules/views/views.theme.inc
index eaf3d86..d01235d 100644
--- a/core/modules/views/views.theme.inc
+++ b/core/modules/views/views.theme.inc
@@ -62,7 +62,7 @@ function template_preprocess_views_view(&$variables) {
// @todo: Figure out whether this belongs into views_ui_preprocess_views_view.
// Render title for the admin preview.
- $variables['title'] = !empty($view->views_ui_context) ? filter_xss_admin($view->getTitle()) : '';
+ $variables['title'] = !empty($view->views_ui_context) ? Xss::filterAdmin($view->getTitle()) : '';
if ($view->display_handler->renderPager()) {
$exposed_input = isset($view->exposed_raw_input) ? $view->exposed_raw_input : NULL;
@@ -203,7 +203,7 @@ function template_preprocess_views_view_fields(&$variables) {
}
if (!empty($variables['options']['separator']) && $previous_inline && $object->inline && $object->content) {
- $object->separator = filter_xss_admin($variables['options']['separator']);
+ $object->separator = Xss::filterAdmin($variables['options']['separator']);
}
$object->class = drupal_clean_css_identifier($id);
@@ -453,7 +453,7 @@ function template_preprocess_views_view_summary_unformatted(&$variables) {
foreach ($variables['rows'] as $id => $row) {
// Only false on first time.
if ($count++) {
- $variables['rows'][$id]->separator = filter_xss_admin($variables['options']['separator']);
+ $variables['rows'][$id]->separator = Xss::filterAdmin($variables['options']['separator']);
}
$variables['rows'][$id]->attributes = array();
$variables['rows'][$id]->link = $argument->summaryName($row);
@@ -643,7 +643,7 @@ function template_preprocess_views_view_table(&$variables) {
// Place the field into the column, along with an optional separator.
if (!empty($column_reference['content'])) {
if (!empty($options['info'][$column]['separator'])) {
- $column_reference['content'] .= filter_xss_admin($options['info'][$column]['separator']);
+ $column_reference['content'] .= Xss::filterAdmin($options['info'][$column]['separator']);
}
}
else {
diff --git a/core/modules/views_ui/lib/Drupal/views_ui/ViewEditFormController.php b/core/modules/views_ui/lib/Drupal/views_ui/ViewEditFormController.php
index 4af7770..03b0d6c 100644
--- a/core/modules/views_ui/lib/Drupal/views_ui/ViewEditFormController.php
+++ b/core/modules/views_ui/lib/Drupal/views_ui/ViewEditFormController.php
@@ -7,6 +7,7 @@
namespace Drupal\views_ui;
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Ajax\AjaxResponse;
use Drupal\Core\Ajax\HtmlCommand;
use Drupal\Core\Ajax\ReplaceCommand;
@@ -1048,7 +1049,7 @@ public function getFormBucket(ViewUI $view, $type, $display) {
$field_name = '(' . $relationships[$field['relationship']] . ') ' . $field_name;
}
- $description = filter_xss_admin($handler->adminSummary());
+ $description = Xss::filterAdmin($handler->adminSummary());
$link_text = $field_name . (empty($description) ? '' : " ($description)");
$link_attributes = array('class' => array('views-ajax-link'));
if (!empty($field['exclude'])) {
diff --git a/core/modules/views_ui/lib/Drupal/views_ui/ViewUI.php b/core/modules/views_ui/lib/Drupal/views_ui/ViewUI.php
index f959d0d..90988fd 100644
--- a/core/modules/views_ui/lib/Drupal/views_ui/ViewUI.php
+++ b/core/modules/views_ui/lib/Drupal/views_ui/ViewUI.php
@@ -9,6 +9,7 @@
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\Timer;
+use Drupal\Component\Utility\Xss;
use Drupal\views\Views;
use Drupal\Core\Entity\EntityStorageControllerInterface;
use Drupal\views\ViewExecutable;
@@ -670,7 +671,7 @@ public function renderPreview($display_id, $args = array()) {
}
}
if ($show_info) {
- $rows['query'][] = array('' . t('Title') . '', filter_xss_admin($this->executable->getTitle()));
+ $rows['query'][] = array('' . t('Title') . '', Xss::filterAdmin($this->executable->getTitle()));
if (isset($path)) {
$path = l($path, $path);
}
diff --git a/core/themes/bartik/bartik.theme b/core/themes/bartik/bartik.theme
index 642674c..ba4917d 100644
--- a/core/themes/bartik/bartik.theme
+++ b/core/themes/bartik/bartik.theme
@@ -5,6 +5,7 @@
* Functions to support theming in the Bartik theme.
*/
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Template\RenderWrapper;
/**
@@ -183,6 +184,6 @@ function _bartik_process_page(&$variables) {
}
if ($variables['hide_site_slogan']) {
// If toggle_site_slogan is FALSE, the site_slogan will be empty, so we rebuild it.
- $variables['site_slogan'] = filter_xss_admin($site_config->get('slogan'));
+ $variables['site_slogan'] = Xss::filterAdmin($site_config->get('slogan'));
}
}
diff --git a/core/themes/seven/seven.theme b/core/themes/seven/seven.theme
index 6f5ce6b..d77d56d 100644
--- a/core/themes/seven/seven.theme
+++ b/core/themes/seven/seven.theme
@@ -5,6 +5,7 @@
* Functions to support theming in the Seven theme.
*/
+use Drupal\Component\Utility\Xss;
use Drupal\Core\Template\RenderWrapper;
use Drupal\Component\Utility\String;
@@ -121,7 +122,7 @@ function seven_node_add_list($variables) {
foreach ($content as $type) {
$output .= '';
$content = '' . check_plain($type->name) . '';
- $content .= '' . filter_xss_admin($type->description) . '
';
+ $content .= '' . Xss::filterAdmin($type->description) . '
';
$options['html'] = TRUE;
$output .= l($content, 'node/add/' . $type->type, $options);
$output .= '';
@@ -146,7 +147,7 @@ function seven_custom_block_add_list($variables) {
foreach ($variables['types'] as $id => $type) {
$output .= '';
$content = '' . check_plain($type['title']) . '';
- $content .= '' . filter_xss_admin($type['description']) . '
';
+ $content .= '' . Xss::filterAdmin($type['description']) . '
';
$options = $type['localized_options'];
$options['html'] = TRUE;
$output .= \Drupal::l($content, 'custom_block.add_form', array('custom_block_type' => $id), $options);
@@ -169,11 +170,11 @@ function seven_admin_block_content($variables) {
$output = system_admin_compact_mode() ? '