From 08beef03330033a9d30fe55df6de4ba35637acf6 Mon Sep 17 00:00:00 2001 From: Alex Pott Date: Wed, 26 Aug 2015 00:38:17 +0100 Subject: [PATCH] Issue #2556895 by mpdonadio: Fix comment in Xss::filter() --- core/lib/Drupal/Component/Utility/Xss.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/core/lib/Drupal/Component/Utility/Xss.php b/core/lib/Drupal/Component/Utility/Xss.php index 6fdeb684259c..d61d82119a65 100644 --- a/core/lib/Drupal/Component/Utility/Xss.php +++ b/core/lib/Drupal/Component/Utility/Xss.php @@ -88,10 +88,7 @@ class Xss { $splitter = function ($matches) use ($html_tags, $class) { return $class::split($matches[1], $html_tags, $class); }; - // Strip any tags that are not in the whitelist, then mark the text as safe - // for output. All other known XSS vectors have been filtered out by this - // point and any HTML tags remaining will have been deliberately allowed, so - // it is acceptable to call SafeMarkup::set() on the resultant string. + // Strip any tags that are not in the whitelist. return preg_replace_callback('% ( <(?=[^a-zA-Z!/]) # a lone <