Why filter_xss() is a Friend to Module Developers

Published May 14, 2009

When writing custom Drupal modules, few functions are as useful as filter_xss(). In a nutshell, this function protects your web site from both malicious HTML and unwanted tags: it keeps a whitelist of tags, strips everything else, and neutralises the attribute tricks that turn a harmless-looking tag into a script.

The function takes a string and, in effect, "cleans" it based on a few simple rules. First and foremost, it makes sure that any HTML tags, attributes and entities it lets through are well-formed: stray angle brackets are entity-encoded, and the tags it keeps are rebuilt with their attribute values quoted. It also removes characters and constructs that can trick browsers: a string that is not valid UTF-8 is rejected outright (you get an empty string back), NUL bytes are dropped, event-handler attributes (onclick, onerror and friends) and style attributes are removed even from allowed tags, and URLs in href and src attributes that use a disallowed protocol such as javascript: have that protocol stripped. Finally, any tag not in the whitelist passed as the second argument ($allowed_tags) is removed; the text inside it is kept, so a &lt;script&gt; element loses its tags but not its text. The default whitelist in Drupal 6 is a, em, strong, cite, code, ul, ol, li, dl, dt and dd, which means even a &lt;p&gt; is stripped unless you ask for it.

The function can be used when printing out text to the user or when importing text from a not-completely-trustworthy source. Either way, the usual Drupal rule applies: store what the user submitted and filter on output, so that a bug or a change in the whitelist can be fixed without touching the database. Two caveats: filter_xss() is meant for text that lands in HTML body context and should keep some markup; if the text goes into an attribute value or a URL, or if no markup belongs there at all, check_plain() (which escapes everything rather than stripping tags) is the right tool, and filter_xss() is not a substitute for it. In the past, I've also used it to simply remove HTML tags that I didn't want showing up anymore. If you do any Drupal development, familiarity with this function is a must.
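As an added example (not code from the original post), here is a small Drupal 6 helper that wraps filter_xss() with a whitelist narrower than the default, exercised against a handful of constructed hostile inputs so the stripping rules above can be seen side by side with check_plain(). The module name mymodule, the helper name and the sample strings are all made up for illustration; the code assumes a bootstrapped Drupal 6 (filter_xss() and check_plain() are core functions), for instance called from a page callback in your module.

```php
<?php
// Added example, not part of the original post. Assumes Drupal 6 is
// bootstrapped so that filter_xss() and check_plain() are available.
// "mymodule" and mymodule_safe_description() are hypothetical names.

/**
 * Returns user-supplied markup with only a tight set of inline tags permitted.
 *
 * A narrower list than filter_xss()'s default is used because this text is
 * shown inside a block title area where links and lists are not wanted.
 */
function mymodule_safe_description($raw) {
  return filter_xss($raw, array('em', 'strong', 'code'));
}

/**
 * Constructed hostile inputs, each paired with a note on what filter_xss()
 * does to it under the default whitelist (a em strong cite code ul ol li dl dt dd).
 */
function mymodule_xss_samples() {
  return array(
    // Tag not in the whitelist: the <script> tags go, the text between them stays.
    'script tag' => '<script>alert(1)</script>',
    // Allowed tag carrying an event handler: the tag is kept, the on* attribute is dropped.
    'event handler on allowed tag' => '<em onmouseover="alert(1)">hi</em>',
    // Allowed tag with a javascript: URI: the disallowed protocol is stripped from href.
    'javascript: URI' => '<a href="javascript:alert(1)">click</a>',
    // Disallowed empty element with a payload in an attribute: the whole tag disappears.
    'img onerror' => '<img src="x" onerror="alert(1)">',
    // Allowed tag with a style attribute: style is removed along with on* handlers.
    'style attribute' => '<strong style="position:absolute">moved</strong>',
    // Block-level tag that is not in the default list: <p> is stripped, text kept.
    'paragraph' => '<p>plain paragraph</p>',
  );
}

/**
 * Page callback: prints each sample three ways so the differences are visible.
 * Output is wrapped in <pre> with check_plain() so the filtered markup is
 * displayed literally rather than rendered.
 */
function mymodule_xss_demo_page() {
  $out = '';
  foreach (mymodule_xss_samples() as $label => $raw) {
    $out .= "== $label ==\n";
    $out .= 'raw     : ' . $raw . "\n";
    // Default whitelist.
    $out .= 'default : ' . filter_xss($raw) . "\n";
    // Narrower whitelist from the helper above (no <a>, so links are stripped too).
    $out .= 'narrow  : ' . mymodule_safe_description($raw) . "\n";
    // No markup wanted at all: escape rather than strip.
    $out .= 'plain   : ' . check_plain($raw) . "\n\n";
  }
  return '<pre>' . check_plain($out) . '</pre>';
}
```

Wire mymodule_xss_demo_page() up through hook_menu() in a throwaway module and compare the three lines per sample: the "default" and "narrow" rows keep or drop tags according to the whitelist in force while removing handlers, style and javascript: in every case, whereas the "plain" row shows the original bytes with angle brackets and ampersands escaped. That contrast is the decision you make each time you print user text: filter_xss() when some markup should survive, check_plain() when none should.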
