| Current Path : /var/www/html/rocksensor2/web/core/lib/Drupal/Component/Utility/ |
Linux ift1.ift-informatik.de 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64 |
| Current File : /var/www/html/rocksensor2/web/core/lib/Drupal/Component/Utility/HtmlSerializerRules.php |
<?php
declare(strict_types = 1);
namespace Drupal\Component\Utility;
use Masterminds\HTML5\Serializer\OutputRules;
// cspell:ignore drupalhtmlbuilder
/**
* Drupal-specific HTML5 serializer rules.
*
* Drupal's XSS filtering cannot handle entities inside element attribute
* values. The XSS filtering was written based on W3C XML recommendations
* which constituted that the ampersand character (&) and the angle
* brackets (< and >) must not appear in their literal form in attribute
* values. This differs from the HTML living standard which permits angle
* brackets.
*
* @see core/modules/ckeditor5/js/ckeditor5_plugins/drupalHtmlEngine/src/drupalhtmlbuilder.js
*/
class HtmlSerializerRules extends OutputRules {
/**
* {@inheritdoc}
*/
protected function escape($text, $attribute = FALSE) {
$text = parent::escape($text, $attribute);
if ($attribute) {
$text = strtr($text, [
'<' => '<',
'>' => '>',
]);
}
return $text;
}
}