function filter_xss_bad_protocol
filter_xss_bad_protocol($string, $decode = TRUE)
Processes an HTML attribute value and strips dangerous protocols from URLs.
Parameters
$string: The string with the attribute value.
$decode: (deprecated) Whether to decode entities in the $string. Set to FALSE if the $string is in plain text, TRUE otherwise. Defaults to TRUE. This parameter is deprecated and will be removed in Drupal 8. To process a plain-text URI, call drupal_strip_dangerous_protocols() or check_url() instead.
Return value
Cleaned up and HTML-escaped version of $string.
File
- includes/common.inc, line 1698
- Common functions that many Drupal modules will need to reference.
Code
function filter_xss_bad_protocol($string, $decode = TRUE) {
  // Get the plain text representation of the attribute value (i.e. its meaning).
  // @todo Remove the $decode parameter in Drupal 8, and always assume an HTML
  //   string that needs decoding.
  if ($decode) {
    if (!function_exists('decode_entities')) {
      require_once DRUPAL_ROOT . '/includes/unicode.inc';
    }
    $string = decode_entities($string);
  }
  return check_plain(drupal_strip_dangerous_protocols($string));
}
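The order of operations in this function (decode entities, strip disallowed schemes, then HTML-escape) can be tried outside Drupal with the sketch below. It is an added example, not Drupal's code: the sketch_* functions and the three-entry allowlist are assumptions that stand in for decode_entities(), drupal_strip_dangerous_protocols() and check_plain().

```php
<?php
// Added illustration: simplified stand-ins built on PHP built-ins, not Drupal's code.

// Hypothetical allowlist for this sketch (an assumption, not Drupal's list).
const SKETCH_ALLOWED_PROTOCOLS = ['http', 'https', 'mailto'];

// Stand-in for drupal_strip_dangerous_protocols(): repeatedly drop a leading
// "scheme:" that is not on the allowlist, until the value stops changing.
function sketch_strip_dangerous_protocols(string $uri): string {
  do {
    $before = $uri;
    $colon = strpos($uri, ':');
    if ($colon > 0) {
      $scheme = substr($uri, 0, $colon);
      // A '/', '?' or '#' before the colon means a relative path, not a scheme.
      if (preg_match('![/?#]!', $scheme)) {
        break;
      }
      if (!in_array(strtolower($scheme), SKETCH_ALLOWED_PROTOCOLS, TRUE)) {
        $uri = substr($uri, $colon + 1);
      }
    }
  } while ($before !== $uri);
  return $uri;
}

// Same order of operations as filter_xss_bad_protocol() with $decode = TRUE:
// decode to plain text, check the scheme on the decoded value, re-escape.
function sketch_filter_bad_protocol(string $value): string {
  $plain = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
  $safe = sketch_strip_dangerous_protocols($plain);
  return htmlspecialchars($safe, ENT_QUOTES, 'UTF-8');
}

// Constructed sample attribute values (HTML-encoded, as they appear in markup).
$samples = [
  'https://example.com/?a=1&amp;b=2',  // allowed scheme, entity in query string
  'javascript&#58;void(0)',            // colon only visible after decoding
  'JaVaScRiPt:javascript:void(0)',     // mixed case, nested scheme
  'node/1?destination=a:b',            // relative path that contains a colon
];
foreach ($samples as $value) {
  printf("%-34s => %s\n", $value, sketch_filter_bad_protocol($value));
}
```

Because the scheme check runs on the decoded value, the second sample is stripped even though its raw form contains no literal colon; the final escaping step returns the result in a form that is safe to place back into an attribute.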
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/includes!common.inc/function/filter_xss_bad_protocol/7.x