function filter_xss($string, $allowed_tags);
* This code does four things:
* - Removes characters and constructs that can trick browsers.
* - Makes sure all HTML entities are well-formed.
* - Makes sure all HTML tags and attributes are well-formed.
* - Makes sure no HTML tags contain URLs with a disallowed protocol (e.g.
* javascript:).
* @return
* An XSS safe version of $string, or an empty string if $string is not
* valid UTF-8.
function filter_xss_admin($string);
* Applies a very permissive XSS/HTML filter for admin-only use.
filter_xss_admin() is just a very permissive filter_xss().
function filter_xss_bad_protocol($string, $decode = TRUE);
* Processes an HTML attribute value and strips dangerous protocols from URLs.
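One way to implement the check that filter_xss_bad_protocol() and its $decode parameter describe, as an added standalone PHP sketch that is not Drupal's own code. The function name example_strip_bad_protocol, the protocol allowlist and the sample values are assumptions made for illustration.

```php
<?php
// Simplified sketch added for illustration; not Drupal's implementation.
// The allowlist below is an assumption chosen for this example.
const ALLOWED_PROTOCOLS = ['http', 'https', 'mailto', 'ftp'];

/**
 * Strips URL schemes that are not on the allowlist from an attribute value.
 */
function example_strip_bad_protocol(string $value, bool $decode = true): string {
  if ($decode) {
    // Browsers decode entities in attribute values before interpreting the
    // URL, so the scheme check has to run on the decoded form.
    $value = html_entity_decode($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
  }
  // Loop until stable: removing one scheme can expose another behind it.
  do {
    $before = $value;
    $colon = strpos($value, ':');
    if ($colon !== false && $colon > 0) {
      $scheme = substr($value, 0, $colon);
      // A colon after /, ? or # belongs to a path, query or fragment, so
      // the value is a relative URL and carries no scheme of its own.
      if (preg_match('![/?#]!', $scheme)) {
        break;
      }
      // Scheme comparison is case-insensitive.
      if (!in_array(strtolower($scheme), ALLOWED_PROTOCOLS, true)) {
        $value = substr($value, $colon + 1);
      }
    }
  } while ($before !== $value);
  // Re-encode so the result is safe to place inside a quoted attribute.
  return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample attribute values.
$samples = [
  'https://example.com/?a=1&amp;b=2',
  'javascript:alert(1)',
  '&#106;avascript:alert(1)',
  '/node/1?destination=a:b',
];
foreach ($samples as $s) {
  printf("%-36s => %s\n", $s, example_strip_bad_protocol($s));
}
```

Calling the function with $decode set to false on the entity-encoded sample shows why decoding comes first: the filter then sees `&#106;avascript` as the scheme rather than the string the browser will actually interpret.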
function filter_xss_data_attributes($html);
* Applies a very permissive XSS/HTML filter to data-attributes.
* Contrib modules which allow rich text fields to be edited using client-side
* WYSIWYG editors must apply XSS filtering to the contents of data-attributes
* since they can contain encoded HTML markup that could be decoded and
* interpreted by editors.