Filtering Content: check_plain, check_markup, filter_xss_admin

One major area of security and the Drupal API is filtering user-supplied content. As you've seen so far, this is often done automatically as part of another API, which has its own motivation. However, there are cases where the filtering must be done for its own benefit. In these cases, developers must call the appropriate filter functions directly. The three major functions are check_plain, check_markup, and filter_xss_admin. Table 5-2 gives an overview of each of the functions.

Table 5-2 Overview of filter functions

| FILTERING FUNCTION | WHEN TO USE IT |
|---|---|
| check_plain | To present all HTML as encoded entities. |
| check_markup | To allow at least some HTML. When a user has selected a specific format. When you are unsure of the format, and need HTML, but need to limit the HTML that is allowed, use the "default" format as a fallback. |
| filter_xss_admin | For text entered by administrators where HTML may be appropriate. |
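
The three functions applied to three values with different trust levels, added here as an illustration and not taken from the original text. It assumes code running inside a bootstrapped Drupal 6 or 7 site with the filter module enabled; the module name `mymodule`, the function name, and the `mymodule_notice` variable are hypothetical.

```php
<?php
/**
 * Hypothetical helper in a module named "mymodule" (the name is an assumption).
 * Builds a profile box from a plain-text name, a rich-text biography and an
 * administrator-defined notice, choosing the filter function for each.
 *
 * @param string $display_name  Plain text supplied by a user.
 * @param string $bio           Rich text supplied by a user.
 * @param mixed  $bio_format    Format stored with $bio, or NULL if unknown.
 */
function mymodule_profile_box($display_name, $bio, $bio_format = NULL) {
  // Plain text from a user: encode everything, so "<script>" is displayed
  // as literal characters instead of being interpreted by the browser.
  $output = '<h3>' . check_plain($display_name) . '</h3>';

  // Rich text from a user: filter it with the format the user selected.
  // When no format is known, pass the text alone so check_markup() applies
  // the site's default format as the fallback.
  if (isset($bio_format)) {
    $output .= check_markup($bio, $bio_format);
  }
  else {
    $output .= check_markup($bio);
  }

  // Text entered by an administrator on a settings page: HTML is expected,
  // so filter_xss_admin() keeps body markup but drops scripts and styles.
  // It is not a substitute for check_markup() on ordinary user input.
  $notice = variable_get('mymodule_notice', ''); // hypothetical variable name
  if ($notice !== '') {
    $output .= '<div class="notice">' . filter_xss_admin($notice) . '</div>';
  }

  return $output;
}
```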
