diff options
Diffstat (limited to 'modules/filter/filter.module')
| -rw-r--r-- | modules/filter/filter.module | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/modules/filter/filter.module b/modules/filter/filter.module index 2a4dc3cd3..fe2e77e42 100644 --- a/modules/filter/filter.module +++ b/modules/filter/filter.module @@ -1098,6 +1098,20 @@ function _filter_autop($text) { } /** + * Very permissive XSS/HTML filter for admin-only use. + * + * Use only for fields where it is impractical to use the + * whole filter system, but where some (mainly inline) mark-up + * is desired (so check_plain() is not acceptable). + * + * Allows all tags that can be used inside an HTML body, save + * for scripts and styles. + */ +function filter_xss_admin($string) { + return filter_xss($string, array('a', 'abbr', 'acronym', 'address', 'b', 'bdo', 'big', 'blockquote', 'br', 'caption', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'div', 'dl', 'dt', 'em', 'h', 'h', 'h', 'h', 'h', 'h', 'hr', 'i', 'img', 'ins', 'kbd', 'li', 'object', 'ol', 'p', 'param', 'pre', 'q', 'samp', 'small', 'span', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'tt', 'ul', 'var')); +} + +/** * Filters XSS. Based on kses by Ulf Harnhammar, see * http://sourceforge.net/projects/kses * |