<?php
declare(strict_types = 1);
namespace Drupal\Component\Utility;
use Masterminds\HTML5\Serializer\OutputRules;
// cspell:ignore drupalhtmlbuilder
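/**
 * Drupal-specific HTML5 serializer rules.
 *
 * Drupal's XSS filtering cannot handle entities inside element attribute
 * values. The XSS filtering was written based on W3C XML recommendations,
 * which required that the ampersand character (&) and the angle brackets
 * (< and >) must not appear in their literal form in attribute values. This
 * differs from the HTML living standard, which permits angle brackets.
 *
 * This class therefore serializes attribute values with angle brackets
 * entity-encoded. It only normalizes serializer output; it does not filter
 * markup and is not a replacement for running the XSS filter on untrusted
 * input.
 *
 * @see core/modules/ckeditor5/js/ckeditor5_plugins/drupalHtmlEngine/src/drupalhtmlbuilder.js
 */
class HtmlSerializerRules extends OutputRules {

  /**
   * {@inheritdoc}
   */
  protected function escape($text, $attribute = FALSE) {
    // Let the parent serializer apply its own escaping first; only attribute
    // values need the additional Drupal-specific step below.
    $text = parent::escape($text, $attribute);

    if ($attribute) {
      // The HTML living standard permits literal angle brackets in attribute
      // values, so the parent's output may still contain them. Encode them as
      // entities so that no literal '<' or '>' reaches the XSS filter inside
      // an attribute value. The replacements must be the entity forms: mapping
      // each character to itself would make this branch a no-op.
      $text = strtr($text, [
        '<' => '&lt;',
        '>' => '&gt;',
      ]);
    }

    return $text;
  }

}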