Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
If we rely on token_replace to sanitize the token output, then any token replacement that contains html will have all tags escaped, making it infeasible to use tokens with any form of markup.
This patch turns off token_replace's sanitization operation, and replaces it with a call to filter_xss. An administration page for token_filter is also added, so that admins may select the tags that they wish to allow in token replacements.
Comment | File | Size | Author |
---|---|---|---|
token_filter_filter_xss.patch | 3 KB | greg.1.anderson |
Comments
Comment #1
darvanenThis module is not intended to extend the functionality of tokens beyond making them available in formatted text.
I think it's a great idea but would be better off as a request on the token module.