Sanitization functions

Functions to sanitize values.

See for information on writing secure code.

Functions & methods

check_markup: Run all the enabled filters on a piece of text.
check_plain: Encode special characters in a plain-text string for display as HTML.
check_url: Strips dangerous protocols (e.g. 'javascript:') from a URI and encodes it for output to an HTML attribute value.
drupal_attributes: Converts an associative array to an attribute string for use in XML/HTML tags.
drupal_strip_dangerous_protocols: Strips dangerous protocols (e.g. 'javascript:') from a URI.
filter_xss: Filters an HTML string to prevent cross-site-scripting (XSS) vulnerabilities.
filter_xss_admin: Very permissive XSS/HTML filter for admin-only use.
filter_xss_bad_protocol: Processes an HTML attribute value and ensures it does not contain a URL with a disallowed protocol (e.g. javascript:).
get_t: Returns the name of the proper localization function.
st: Functional equivalent of t(), used when some systems are not available.
t: Translates a string to the current language or to a given language.
_filter_xss_attributes: Processes a string of HTML attributes.
_filter_xss_split: Processes an HTML tag.


drupal/includes/, line 1207
Common functions that many Drupal modules will need to reference.