class HtmlSerializerRules

Drupal-specific HTML5 serializer rules.

Drupal's XSS filtering cannot handle entities inside element attribute values. The XSS filtering was written based on W3C XML recommendations which constituted that the ampersand character (&) and the angle brackets (< and >) must not appear in their literal form in attribute values. This differs from the HTML living standard which permits angle brackets.

Hierarchy

Expanded class hierarchy of HtmlSerializerRules

See also

core/modules/ckeditor5/js/ckeditor5_plugins/drupalHtmlEngine/src/drupalhtmlbuilder.js

File

core/lib/Drupal/Component/Utility/HtmlSerializerRules.php, line 23

Namespace

Drupal\Component\Utility
View source 
class HtmlSerializerRules extends OutputRules {
    
    /**
     * {@inheritdoc}
     */
    protected function escape($text, $attribute = FALSE) {
        $text = parent::escape($text, $attribute);
        if ($attribute) {
            $text = strtr($text, [
                '<' => '&lt;',
                '>' => '&gt;',
            ]);
        }
        return $text;
    }

}

Members

Title Modifiers Object type Summary Overriden Title
HtmlSerializerRules::escape protected function Escape test. Overrides OutputRules::escape
OutputRules::$encode protected property
OutputRules::$hasHTML5 private property Used as cache to detect if is available ENT_HTML5.
OutputRules::$implicitNamespaces protected property Holds the HTML5 element names that causes a namespace switch.
OutputRules::$nonBooleanAttributes protected property
OutputRules::$out protected property
OutputRules::$outputMode protected property
OutputRules::$traverser protected property
OutputRules::$xpath private property
OutputRules::addRule public function
OutputRules::attrs protected function
OutputRules::cdata public function Write a CDATA node. Overrides RulesInterface::cdata
OutputRules::closeTag protected function Write the closing tag.
OutputRules::comment public function Write a comment node. Overrides RulesInterface::comment
OutputRules::doctype protected function
OutputRules::DOCTYPE constant
OutputRules::document public function Write a document element (\DOMDocument). Overrides RulesInterface::document
OutputRules::element public function Write an element. Overrides RulesInterface::element
OutputRules::enc protected function Encode text.
OutputRules::getXPath private function
OutputRules::IM_IN_HTML constant
OutputRules::IM_IN_MATHML constant
OutputRules::IM_IN_SVG constant
OutputRules::namespaceAttrs protected function Write the namespace attributes.
OutputRules::NAMESPACE_HTML constant Defined in http://www.w3.org/TR/html51/infrastructure.html#html-namespace-0.
OutputRules::NAMESPACE_MATHML constant
OutputRules::NAMESPACE_SVG constant
OutputRules::NAMESPACE_XLINK constant
OutputRules::NAMESPACE_XML constant
OutputRules::NAMESPACE_XMLNS constant
OutputRules::nl protected function Write a new line character.
OutputRules::nonBooleanAttribute protected function
OutputRules::openTag protected function Write the opening tag.
OutputRules::processorInstruction public function Write a processor instruction. Overrides RulesInterface::processorInstruction
OutputRules::setTraverser public function Register the traverser used in but the rules. Overrides RulesInterface::setTraverser
OutputRules::text public function Write a text node. Overrides RulesInterface::text
OutputRules::unsetTraverser public function
OutputRules::wr protected function Write to the output.
OutputRules::__construct public function The class constructor. Overrides RulesInterface::__construct