Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2556895 by mpdonadio: Fix comment in Xss::filter()

8.0.x
Alex Pott 2015-08-26 00:38:17 +01:00
parent 6ad0357621
commit 08beef0333
1 changed files with 1 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/lib/Drupal/Component/Utility/Xss.php
View File

@ -88,10 +88,7 @@ class Xss {
$splitter = function ($matches) use ($html_tags, $class) { $splitter = function ($matches) use ($html_tags, $class) {
return $class::split($matches[1], $html_tags, $class); return $class::split($matches[1], $html_tags, $class);
}; };
// Strip any tags that are not in the whitelist, then mark the text as safe // Strip any tags that are not in the whitelist.
// for output. All other known XSS vectors have been filtered out by this
// point and any HTML tags remaining will have been deliberately allowed, so
// it is acceptable to call SafeMarkup::set() on the resultant string.
return preg_replace_callback('% return preg_replace_callback('%
( (
<(?=[^a-zA-Z!/]) # a lone < <(?=[^a-zA-Z!/]) # a lone <